From f2192e0f0399c7cbb1ac3f311726f2fa9cdf1dba Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Thu, 8 Sep 2016 18:11:30 +0200
Subject: [PATCH] avcodec/alsdec: Fix raw_mantissa memleak
Fixes: 0cee183a09bff5aa5108429717c35a4d/asan_heap-oob_1d99eca_3702_9ef60e80de79082a778d3d9ce8ef3b64.mp4
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavcodec/alsdec.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c
index c31f733967e..1bb71f5a47e 100644
--- a/libavcodec/alsdec.c
+++ b/libavcodec/alsdec.c
@@ -1887,6 +1887,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame_ptr,
static av_cold int decode_end(AVCodecContext *avctx)
{
ALSDecContext *ctx = avctx->priv_data;
+ int i;
av_freep(&ctx->sconf.chan_pos);
@@ -1920,7 +1921,12 @@ static av_cold int decode_end(AVCodecContext *avctx)
av_freep(&ctx->last_acf_mantissa);
av_freep(&ctx->shift_value);
av_freep(&ctx->last_shift_value);
- av_freep(&ctx->raw_mantissa);
+ if (ctx->raw_mantissa) {
+ for (i = 0; i < avctx->channels; i++) {
+ av_freep(&ctx->raw_mantissa[i]);
+ }
+ av_freep(&ctx->raw_mantissa);
+ }
av_freep(&ctx->larray);
av_freep(&ctx->nbits);
@@ -2064,7 +2070,7 @@ static av_cold int decode_init(AVCodecContext *avctx)
ctx->shift_value = av_malloc_array(avctx->channels, sizeof(*ctx->shift_value));
ctx->last_shift_value = av_malloc_array(avctx->channels, sizeof(*ctx->last_shift_value));
ctx->last_acf_mantissa = av_malloc_array(avctx->channels, sizeof(*ctx->last_acf_mantissa));
- ctx->raw_mantissa = av_malloc_array(avctx->channels, sizeof(*ctx->raw_mantissa));
+ ctx->raw_mantissa = av_mallocz_array(avctx->channels, sizeof(*ctx->raw_mantissa));
ctx->larray = av_malloc_array(ctx->cur_frame_length * 4, sizeof(*ctx->larray));
ctx->nbits = av_malloc_array(ctx->cur_frame_length, sizeof(*ctx->nbits));
--
GitLab