avformat/mov: Fix memleak in dref reading

Fixes: leak in mov_read_dref() Fixes: 26698/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5638785444085760 Fixes: 27554/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6256643054239744 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2020-10-30 21:44:12 +0100
committer: Michael Niedermayer <michael@niedermayer.cc> 2020-11-27 00:25:42 +0100
commit: 3b8a263c4f0e750f809282b9e6830c125d6c9db3 (patch)
tree: c50a5bd99179c028256e145dc930d3818b30b426 /libavformat/mov.c
parent: 3c922681c35ac6f58e4a4bc02b8f0966b308d985 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/libavformat/mov.c b/libavformat/mov.c
index 2b90e31170..175d5a3cc2 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -588,6 +588,11 @@ static int mov_read_dref(MOVContext *c, AVIOContext *pb, MOVAtom atom)
         entries >= UINT_MAX / sizeof(*sc->drefs))
         return AVERROR_INVALIDDATA;
 
+    for (i = 0; i < sc->drefs_count; i++) {
+        MOVDref *dref = &sc->drefs[i];
+        av_freep(&dref->path);
+        av_freep(&dref->dir);
+    }
     av_free(sc->drefs);
     sc->drefs_count = 0;
     sc->drefs = av_mallocz(entries * sizeof(*sc->drefs));
author	Michael Niedermayer <michael@niedermayer.cc>	2020-10-30 21:44:12 +0100
committer	Michael Niedermayer <michael@niedermayer.cc>	2020-11-27 00:25:42 +0100
commit	3b8a263c4f0e750f809282b9e6830c125d6c9db3 (patch)
tree	c50a5bd99179c028256e145dc930d3818b30b426 /libavformat/mov.c
parent	3c922681c35ac6f58e4a4bc02b8f0966b308d985 (diff)