Mercurial > mplayer.hg
changeset 36553:e5e36c2a0055
demux_mkv: Fix massive memleaks in attachment parsing.
| author | reimar |
|---|---|
| date | Sun, 19 Jan 2014 21:45:59 +0000 |
| parents | 79358001ddb2 |
| children | d75b3dce7851 |
| files | libmpdemux/demux_mkv.c |
| diffstat | 1 files changed, 20 insertions(+), 4 deletions(-) [+] |
line wrap: on
line diff
--- a/libmpdemux/demux_mkv.c Sun Jan 19 18:53:32 2014 +0000 +++ b/libmpdemux/demux_mkv.c Sun Jan 19 21:45:59 2014 +0000 @@ -1232,17 +1232,25 @@ switch (ebml_read_id(s, &il)) { case MATROSKA_ID_FILENAME: + free(name); name = ebml_read_utf8(s, &l); - if (name == NULL) + if (name == NULL) { + free(mime); + free(data); return 0; + } mp_msg(MSGT_DEMUX, MSGL_V, "[mkv] | + FileName: %s\n", name); break; case MATROSKA_ID_FILEMIMETYPE: + free(mime); mime = ebml_read_ascii(s, &l); - if (mime == NULL) + if (mime == NULL) { + free(name); + free(data); return 0; + } mp_msg(MSGT_DEMUX, MSGL_V, "[mkv] | + FileMimeType: %s\n", mime); break; @@ -1253,10 +1261,15 @@ uint64_t num = ebml_read_length(s, &x); l = x + num; free(data); - if (num > SIZE_MAX) + if (num > SIZE_MAX) { + free(name); + free(mime); return 0; + } data = malloc(num); - if (stream_read(s, data, num) != (int) num) { + if (!data || stream_read(s, data, num) != (int) num) { + free(name); + free(mime); free(data); return 0; } @@ -1278,6 +1291,9 @@ mp_msg(MSGT_DEMUX, MSGL_V, "[mkv] Attachment: %s, %s, %u bytes\n", name, mime, data_size); + free(name); + free(mime); + free(data); break; }