[FFmpeg-devel] [PATCH] cbs_apv: Fix memory leak on metadata parse failure
Mark Thompson
sw at jkqxz.net
Sat May 17 13:31:12 EEST 2025
On 14/05/2025 21:50, Mark Thompson wrote:
> Buffers are allocated inside some metadata types, so we must ensure
> that the object is visible to the free function before a parse failure.
>
> Found by libFuzzer.
> ---
> libavcodec/cbs_apv_syntax_template.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/libavcodec/cbs_apv_syntax_template.c b/libavcodec/cbs_apv_syntax_template.c
> index ca66349141..fc8a08ff31 100644
> --- a/libavcodec/cbs_apv_syntax_template.c
> +++ b/libavcodec/cbs_apv_syntax_template.c
> @@ -543,11 +543,11 @@ static int FUNC(metadata)(CodedBitstreamContext *ctx, RWContext *rw,
> return AVERROR_INVALIDDATA;
> }
>
> + current->metadata_count = p + 1;
> +
> CHECK(FUNC(metadata_payload)(ctx, rw, pl));
>
> metadata_bytes_left -= pl->payload_size;
> -
> - current->metadata_count = p + 1;
> if (metadata_bytes_left == 0)
> break;
> }
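Review bot: with `current->metadata_count = p + 1;` now set before `CHECK(FUNC(metadata_payload)(ctx, rw, pl));`, the free function will be handed a payload entry at index `p` that may be only partially parsed when the CHECK fails, so this is only leak-free and crash-free if every `pl` is zero-initialised before the parse (unset buffer pointers must be NULL for the free path to skip them). Worth a one-line comment above the moved assignment stating that the count is raised early so a parse failure still frees buffers allocated inside the payload, otherwise a later cleanup is likely to move it back after the CHECK.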
Applied. Simple application of libFuzzer to the decoder hasn't found anything else, either.
Thanks,
- Mark