From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTP id 14EF848ABA
	for <ffmpegdev@gitmailbox.com>; Sat, 27 Apr 2024 23:18:14 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 12BB868D2D2;
	Sun, 28 Apr 2024 02:18:12 +0300 (EEST)
Received: from mail-pg1-f176.google.com (mail-pg1-f176.google.com
 [209.85.215.176])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 91E1168BAD8
 for <ffmpeg-devel@ffmpeg.org>; Sun, 28 Apr 2024 02:18:05 +0300 (EEST)
Received: by mail-pg1-f176.google.com with SMTP id
 41be03b00d2f7-5ce07cf1e5dso2451833a12.2
 for <ffmpeg-devel@ffmpeg.org>; Sat, 27 Apr 2024 16:18:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1714259882; x=1714864682; darn=ffmpeg.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=u6FZg4L6GEdGR3hWsZhZzesv7I0dubco3O0xJ2MIqi0=;
 b=MQOYeWRsYpTuVmAQnF3/qJRp/ssEOEuIuM3Lrg7ATDhZCMDZFA/aWUVGrliClQjEQk
 KhaGdkp1mgLRKRdW0EB2Y3zeD9rSIa3CCvkp1VdWkra0lOfaQKM7x+C7xL13IApd0rSm
 QiJzxd6Up4f4GwZxg8zKOgbhWzxlGe2S3p2iwfk6/6GmgvrcMosj4iNcbbABy0HV4905
 grTo+U09YanYGgF6glUZo2IyDQ699zqF5Wg6zJUBalwXkqdmdYJpIWtwmWzNj2Fw2aiG
 Wif4djaoGFP0RuVJ5G/PGR73dPEz87zdnL4Wg4f0KEo98zsm0cNyRwD0i6/zIjWKhhl8
 rt9A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1714259882; x=1714864682;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=u6FZg4L6GEdGR3hWsZhZzesv7I0dubco3O0xJ2MIqi0=;
 b=ZiedQ+HTtZWcuWPl040hnTPn6XCMWPV0X0dj+gfzN8x8SqmsttLVOuYLvb2v7MWrHy
 jC+S6NRdHcK5EUL4pgKSc4/oQhByGNsi2HITXP1a1J2Zw0l6zev5PBQkum5TmgTaN0xt
 wpVSm+IutKPlW7u5MEsVm7IrPct7ynm3wPI1d89WxXDx/9Ihb3veIsAE0LxTZakeEJiI
 0El6lmcpXl5+avhSqib+FucYKzTThYMeEGAqsN8mYDBx70w4RVqN86S4jBjecPR0QhDs
 dgmTSkXDNtZoiH+bMndSO7ViawUYNP6DTOvLljYJBUBQ2wUyMbu3aLLyaJXb9biAc/eg
 bkzQ==
X-Gm-Message-State: AOJu0Yz8Wg9n38ACY84M2TfMAGunym9M5pDYjdIts4ONy5bQxBrdSJzl
 VV8cf6NiFaHL+H5czRHQctiwrHweJpBa9rNVjQjYVoo0RxKDosQ+7J1hoQ==
X-Google-Smtp-Source: AGHT+IEetnxTpSvCPjt6dzmgE2KgMaymzKxporirIXH1YXhnF74uR+w3GFJHYvXLxlxqFWCMIGY32g==
X-Received: by 2002:a17:902:d2c2:b0:1e4:3b58:7720 with SMTP id
 n2-20020a170902d2c200b001e43b587720mr9374889plc.2.1714259881847; 
 Sat, 27 Apr 2024 16:18:01 -0700 (PDT)
Received: from localhost.localdomain ([190.194.167.233])
 by smtp.gmail.com with ESMTPSA id
 o16-20020a170902d4d000b001eb3f705ddasm2093745plg.255.2024.04.27.16.18.00
 for <ffmpeg-devel@ffmpeg.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sat, 27 Apr 2024 16:18:01 -0700 (PDT)
From: James Almer <jamrial@gmail.com>
To: ffmpeg-devel@ffmpeg.org
Date: Sat, 27 Apr 2024 20:17:37 -0300
Message-ID: <20240427231737.3017-1-jamrial@gmail.com>
X-Mailer: git-send-email 2.44.0
In-Reply-To: <20240427010141.3011-1-jamrial@gmail.com>
References: <20240427010141.3011-1-jamrial@gmail.com>
MIME-Version: 1.0
Subject: [FFmpeg-devel] [PATCH v2] avformat/mov: free the infe allocated
 item data on failure
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/20240427231737.3017-1-jamrial@gmail.com/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

Signed-off-by: James Almer <jamrial@gmail.com>
---
 libavformat/mov.c | 30 ++++++++++++++++++++++++------
 1 file changed, 24 insertions(+), 6 deletions(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index ede25d3342..9e95c6fcc0 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -84,6 +84,7 @@ typedef struct MOVParseTableEntry {
 
 static int mov_read_default(MOVContext *c, AVIOContext *pb, MOVAtom atom);
 static int mov_read_mfra(MOVContext *c, AVIOContext *f);
+static void mov_free_stream_context(AVFormatContext *s, AVStream *st);
 static int64_t add_ctts_entry(MOVCtts** ctts_data, unsigned int* ctts_count, unsigned int* allocated_size,
                               int count, int duration);
 
@@ -8181,7 +8182,7 @@ static int mov_read_iinf(MOVContext *c, AVIOContext *pb, MOVAtom atom)
 {
     HEIFItem *heif_item;
     int entry_count;
-    int version, ret;
+    int version, got_stream = 0, ret, i;
 
     if (c->found_iinf) {
         av_log(c->fc, AV_LOG_WARNING, "Duplicate iinf box found\n");
@@ -8201,20 +8202,33 @@ static int mov_read_iinf(MOVContext *c, AVIOContext *pb, MOVAtom atom)
                sizeof(*c->heif_item) * (entry_count - c->nb_heif_item));
     c->nb_heif_item = FFMAX(c->nb_heif_item, entry_count);
 
-    for (int i = 0; i < entry_count; i++) {
+    for (i = 0; i < entry_count; i++) {
         MOVAtom infe;
 
         infe.size = avio_rb32(pb) - 8;
         infe.type = avio_rl32(pb);
         ret = mov_read_infe(c, pb, infe, i);
         if (ret < 0)
-            return ret;
-        if (ret)
-            return 0;
+            goto fail;
+        if (!ret)
+            got_stream = 1;
     }
 
-    c->found_iinf = 1;
+    c->found_iinf = got_stream;
     return 0;
+fail:
+    for (; i >= 0; i--) {
+        HEIFItem *item = &c->heif_item[i];
+
+        av_freep(&item->name);
+        if (!item->st)
+            continue;
+
+        mov_free_stream_context(c->fc, item->st);
+        ff_remove_stream(c->fc, item->st);
+        item->st = NULL;
+    }
+    return ret;
 }
 
 static int mov_read_iref_dimg(MOVContext *c, AVIOContext *pb, int version)
@@ -9561,6 +9575,10 @@ static int mov_read_header(AVFormatContext *s)
                 return err;
         }
     }
+    // prevent iloc and iinf boxes from being parsed while reading packets.
+    // this is needed because an iinf box may have been parsed but ignored
+    // for having old infe boxes which create no streams.
+    mov->found_iloc = mov->found_iinf = 1;
 
     if (pb->seekable & AVIO_SEEKABLE_NORMAL) {
         if (mov->nb_chapter_tracks > 0 && !mov->ignore_chapters)
-- 
2.44.0

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".