[FFmpeg-devel] [PATCH v1] avformat/imf: fix bad free() when directory name of the input url is empty

Mon Jan 3 17:59:19 EET 2022

From: Pierre-Anthony Lemieux <pal at palemieux.com>

Signed-off-by: Pierre-Anthony Lemieux <pal at palemieux.com>
---

Notes:
    Found through manual fuzzing.

 libavformat/imfdec.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/libavformat/imfdec.c b/libavformat/imfdec.c
index f17064cfcd..4e42db8d30 100644
--- a/libavformat/imfdec.c
+++ b/libavformat/imfdec.c
@@ -622,11 +622,15 @@ static int imf_read_header(AVFormatContext *s)
     int ret = 0;
 
     c->interrupt_callback = &s->interrupt_callback;
+
     tmp_str = av_strdup(s->url);
     if (!tmp_str)
         return AVERROR(ENOMEM);
+    c->base_url = av_strdup(av_dirname(tmp_str));
+    av_freep(&tmp_str);
+    if (!c->base_url)
+        return AVERROR(ENOMEM);
 
-    c->base_url = av_dirname(tmp_str);
     if ((ret = ffio_copy_url_options(s->pb, &c->avio_opts)) < 0)
         return ret;
 
-- 
2.17.1

