[FFmpeg-devel] [PATCH] avformat/mov: make better use of av_fast_realloc and fix spurious ENOMEM
Zhao Zhili
quinkblack at foxmail.com
Wed Sep 23 20:28:24 EEST 2020
If sc->ctts_allocated_size is larger than the new buffer size,
av_fast_realloc() will return NULL. Since sc->ctts_data is freed,
ctts_allocated_size should be reset to zero. It's better to avoid
freeing sc->ctts_data in the first place to make better use of
av_fast_realloc().
---
libavformat/mov.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index dcd263b02a..fcb5a583bd 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -3014,6 +3014,7 @@ static int mov_read_ctts(MOVContext *c, AVIOContext *pb, MOVAtom atom)
{
AVStream *st;
MOVStreamContext *sc;
+ MOVStts *ctts_data;
unsigned int i, entries, ctts_count = 0;
if (c->fc->nb_streams < 1)
@@ -3031,10 +3032,13 @@ static int mov_read_ctts(MOVContext *c, AVIOContext *pb, MOVAtom atom)
return 0;
if (entries >= UINT_MAX / sizeof(*sc->ctts_data))
return AVERROR_INVALIDDATA;
- av_freep(&sc->ctts_data);
- sc->ctts_data = av_fast_realloc(NULL, &sc->ctts_allocated_size, entries * sizeof(*sc->ctts_data));
- if (!sc->ctts_data)
+ ctts_data = av_fast_realloc(sc->ctts_data, &sc->ctts_allocated_size, entries * sizeof(*sc->ctts_data));
+ if (!ctts_data) {
+ av_freep(&sc->ctts_data);
+ sc->ctts_allocated_size = 0;
return AVERROR(ENOMEM);
+ }
+ sc->ctts_data = ctts_data;
for (i = 0; i < entries && !pb->eof_reached; i++) {
int count = avio_rb32(pb);
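Review bot: The new failure branch frees sc->ctts_data and zeroes sc->ctts_allocated_size but leaves any previously stored entry count untouched. If a file with a repeated ctts atom can reach this point with sc->ctts_count already set by an earlier pass (that assignment is outside the hunk, so this is inferred), later readers would see a NULL array with a non-zero count. Adding `sc->ctts_count = 0;` next to `sc->ctts_allocated_size = 0;` would keep the three fields consistent on the error path. Separately, `entries` is read from the file and is only capped against UINT_MAX, so the up-front av_fast_realloc() can still be asked for a very large buffer before a single entry is parsed; bounding it against the atom's size would be a worthwhile follow-up. mov_read_ctts starts and ends outside this hunk.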
--
2.25.1