On Thu, Sep 14, 2023 at 1:48 AM Michael Niedermayer <mich...@niedermayer.cc> wrote:
> Fixes: use after free > Fixes: > 62153/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MAGICYUV_fuzzer-4702814909366272 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by > <https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by>: > Michael Niedermayer <mich...@niedermayer.cc> > --- > libavcodec/vlc.c | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > > diff --git a/libavcodec/vlc.c b/libavcodec/vlc.c > index b353d2e86c2..f4bab0ae529 100644 > --- a/libavcodec/vlc.c > +++ b/libavcodec/vlc.c > @@ -471,10 +471,13 @@ int ff_vlc_init_multi_from_lengths(VLC *vlc, > VLC_MULTI *multi, int nb_bits, int > goto fail; > } > } > - ret = vlc_common_end(vlc, nb_bits, j, buf, flags, localbuf); > + ret = vlc_common_end(vlc, nb_bits, j, buf, flags, buf); > if (ret < 0) > goto fail; > - return vlc_multi_gen(multi->table, vlc, nb_elems, j, nb_bits, buf, > logctx); > + ret = vlc_multi_gen(multi->table, vlc, nb_elems, j, nb_bits, buf, > logctx); > + if (buf != localbuf) > + av_free(buf); > + return ret; > fail: > if (buf != localbuf) > av_free(buf); > -- > 2.17.1 > > LGTM > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe". > _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
