From: Mark Thompson To: ffmpeg-devel@ffmpeg.org Date: Wed, 14 May 2025 21:50:25 +0100 Message-ID: <20250514205033.3177814-1-sw@jkqxz.net> X-Mailer: git-send-email 2.47.2 MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH] cbs_apv: Fix memory leak on metadata parse failure X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: Buffers are allocated inside some metadata types, so we must ensure that the object is visible to the free function before a parse failure. Found by libFuzzer. --- libavcodec/cbs_apv_syntax_template.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/cbs_apv_syntax_template.c b/libavcodec/cbs_apv_syntax_template.c index ca66349141..fc8a08ff31 100644 --- a/libavcodec/cbs_apv_syntax_template.c +++ b/libavcodec/cbs_apv_syntax_template.c @@ -543,11 +543,11 @@ static int FUNC(metadata)(CodedBitstreamContext *ctx, RWContext *rw, return AVERROR_INVALIDDATA; } + current->metadata_count = p + 1; + CHECK(FUNC(metadata_payload)(ctx, rw, pl)); metadata_bytes_left -= pl->payload_size; - - current->metadata_count = p + 1; if (metadata_bytes_left == 0) break; } -- 2.47.2 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
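Review bot: The moved assignment `current->metadata_count = p + 1;` now sits ahead of `CHECK(FUNC(metadata_payload)(ctx, rw, pl));` with nothing in the code explaining the ordering, so a later tidy-up could move it back below the parse and reintroduce the leak. A short comment above the assignment would lock this in, for example stating that the count must already cover payload p so the free function releases any buffers allocated inside it when the parse fails. It is also worth confirming that the free function tolerates an entry whose parse stopped partway, because on a CHECK failure the count now includes a payload that metadata_payload may have filled only partially.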