On Mon, Dec 07, 2020 at 02:20:50AM +0100, Andreas Rheinhardt wrote:
> Michael Niedermayer:
> > Fixes: memleak
> > Fixes: 27766/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-5198300814508032
> > 
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
> > ---
> >  libavformat/matroskadec.c | 12 ++++++++++++
> >  1 file changed, 12 insertions(+)
> > 
> > diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
> > index 44db2c8358..18fc2750a1 100644
> > --- a/libavformat/matroskadec.c
> > +++ b/libavformat/matroskadec.c
> > @@ -2318,6 +2318,18 @@ static int matroska_parse_tracks(AVFormatContext *s)
> >          if (!track->codec_id)
> >              continue;
> >  
> > +        if (track->type == MATROSKA_TRACK_TYPE_AUDIO && track->codec_id[0] 
> > == 'A') {
> > +            ;
> > +        } else if (track->type == MATROSKA_TRACK_TYPE_VIDEO && 
> > track->codec_id[0] == 'V') {
> > +            ;
> > +        } else if ((track->type == MATROSKA_TRACK_TYPE_SUBTITLE || 
> > track->type == MATROSKA_TRACK_TYPE_METADATA) &&
> > +                   (track->codec_id[0] == 'S' || track->codec_id[0] == 
> > 'D')) {
> > +            ;
> > +        } else {
> > +            av_log(matroska->ctx, AV_LOG_INFO, "Inconsistent track 
> > type\n");
> > +            continue;
> > +        }
> > +
> >          if (track->audio.samplerate < 0 || track->audio.samplerate > 
> > INT_MAX ||
> >              isnan(track->audio.samplerate)) {
> >              av_log(matroska->ctx, AV_LOG_WARNING,
> > 
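Review bot: the three accepting branches in this hunk are empty statements (`;`) and only the trailing `else` does any work, so the reader has to invert three conditions to see what is actually being rejected; a single negated condition that logs and continues, e.g. `if ((track->type == MATROSKA_TRACK_TYPE_AUDIO && track->codec_id[0] != 'A') || (track->type == MATROSKA_TRACK_TYPE_VIDEO && track->codec_id[0] != 'V') || ...)`, says the same thing without the no-op bodies. Two smaller points on the rejection path: the "Inconsistent track type" message is emitted at AV_LOG_INFO although the track is dropped entirely, whereas the samplerate check immediately below uses AV_LOG_WARNING for a condition it merely clamps, so AV_LOG_WARNING is the consistent level here; and the message names neither the track nor the offending codec id, so including `track->codec_id` (already in scope) would let a user tell which track disappeared from a fuzzed or malformed file. The `!track->codec_id` check above the hunk does keep the `codec_id[0]` reads safe.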
> Let me guess: The audio buffer used for Real audio codecs leaks because
> matroska_read_close() only frees it for audio tracks, whereas it is
> possible that a codec gets one of these audio track codec ids without
> being of MATROSKA_TRACK_TYPE_AUDIO (hence also not being of
> AVMEDIA_TYPE_AUDIO, which is a bug in itself). So I agree with the aim
> of these checks, but I think writing
> 
> if ((track->type == MATROSKA_TRACK_TYPE_AUDIO && track->codec_id[0] != 'A') ||
>     (track->type == MATROSKA_TRACK_TYPE_VIDEO && track->codec_id[0] != 'V') ||
> ...
> 
> makes the intent clearer.

will apply with this change

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Into a blind darkness they enter who follow after the Ignorance,
they as if into a greater darkness enter who devote themselves
to the Knowledge alone. -- Isha Upanishad

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel