From 837e72b01608f286c957c5ac3ca3a28cea76e6e0 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Thu, 8 Sep 2016 18:04:13 +0200
Subject: avcodec/alsdec: Fix mlz memleak

Fixes: 0cee183a09bff5aa5108429717c35a4d/asan_heap-oob_1d99eca_3702_172c75af9868d4c2556a79cc2413f4cc.mp4

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/alsdec.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'libavcodec/alsdec.c')

diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c
index f557f2bbb2..c31f733967 100644
--- a/libavcodec/alsdec.c
+++ b/libavcodec/alsdec.c
@@ -1912,7 +1912,10 @@ static av_cold int decode_end(AVCodecContext *avctx)
     av_freep(&ctx->chan_data_buffer);
     av_freep(&ctx->reverted_channels);
     av_freep(&ctx->crc_buffer);
-    av_freep(&ctx->mlz);
+    if (ctx->mlz) {
+        av_freep(&ctx->mlz->dict);
+        av_freep(&ctx->mlz);
+    }
     av_freep(&ctx->acf);
     av_freep(&ctx->last_acf_mantissa);
     av_freep(&ctx->shift_value);
@@ -2065,7 +2068,7 @@ static av_cold int decode_init(AVCodecContext *avctx)
 
         ctx->larray = av_malloc_array(ctx->cur_frame_length * 4, sizeof(*ctx->larray));
         ctx->nbits  = av_malloc_array(ctx->cur_frame_length, sizeof(*ctx->nbits));
-        ctx->mlz    = av_malloc(sizeof(*ctx->mlz));
+        ctx->mlz    = av_mallocz(sizeof(*ctx->mlz));
 
         if (!ctx->mlz || !ctx->acf || !ctx->shift_value || !ctx->last_shift_value
             || !ctx->last_acf_mantissa || !ctx->raw_mantissa) {
-- 
cgit v1.2.3