[FFmpeg-devel] [PATCH 2/5] avformat/avs: unref packet after avs_read_audio_packet() fail

Mon Apr 17 01:25:15 EEST 2023

Fixes: memleak
Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_dem_AVS_fuzzer-6738814988320768

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
 libavformat/avs.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libavformat/avs.c b/libavformat/avs.c
index ab47980a11c..2ce8b19c412 100644
--- a/libavformat/avs.c
+++ b/libavformat/avs.c
@@ -156,9 +156,11 @@ static int avs_read_packet(AVFormatContext * s, AVPacket * pkt)
     uint8_t palette[4 + 3 * 256];
     int ret;
 
-    if (avs->remaining_audio_size > 0)
+    if (avs->remaining_audio_size > 0) {
         if (avs_read_audio_packet(s, pkt) > 0)
             return 0;
+        av_packet_unref(pkt);
+    }
 
     while (1) {
         if (avs->remaining_frame_size <= 0) {
-- 
2.17.1

