avcodec/ivi: Avoid mbs memleak
authorMichael Niedermayer <michael@niedermayer.cc>
Thu, 13 Dec 2018 02:16:04 +0000 (03:16 +0100)
committerMichael Niedermayer <michael@niedermayer.cc>
Sun, 23 Dec 2018 19:24:47 +0000 (20:24 +0100)
Fixes: 11696/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INDEO5_fuzzer-5740319635668992

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/ivi.c

index b23d4af..71bf0e6 100644 (file)
@@ -437,6 +437,14 @@ av_cold int ff_ivi_init_tiles(IVIPlaneDesc *planes,
 
         for (b = 0; b < planes[p].num_bands; b++) {
             band = &planes[p].bands[b];
+
+            if (band->tiles) {
+                int t;
+                for (t = 0; t < band->num_tiles; t++) {
+                    av_freep(&band->tiles[t].mbs);
+                }
+            }
+
             x_tiles = IVI_NUM_TILES(band->width, t_width);
             y_tiles = IVI_NUM_TILES(band->height, t_height);
             band->num_tiles = x_tiles * y_tiles;