[PATCH] fixed #1785 (fuzz)

author jeanlf <jeanlf@gpac.io>

Mon, 10 May 2021 09:26:57 +0000 (11:26 +0200)

committer Aron Xu <aron@debian.org>

Tue, 23 May 2023 11:53:25 +0000 (12:53 +0100)
author jeanlf <jeanlf@gpac.io>
Mon, 10 May 2021 09:26:57 +0000 (11:26 +0200)
committer Aron Xu <aron@debian.org>
Tue, 23 May 2023 11:53:25 +0000 (12:53 +0100)
diff --git a/src/isomedia/avc_ext.c b/src/isomedia/avc_ext.c

index c00cff0dfe162d06143b4f96269cdb1dd54cd4bf..701d0f3f6b58e05be3aef225acf77ec837b63158 100644 (file)
--- a/src/isomedia/avc_ext.c
+++ b/src/isomedia/avc_ext.c
@@ -3169,8 +3169,10 @@ GF_Err gf_isom_oinf_read_entry(void *entry, GF_BitStream *bs)
                 op->output_layer_set_idx = gf_bs_read_u16(bs);
                 op->max_temporal_id = gf_bs_read_u8(bs);
                 op->layer_count = gf_bs_read_u8(bs);
-               if (op->layer_count > GF_ARRAY_LENGTH(op->layers_info))
+               if (op->layer_count > GF_ARRAY_LENGTH(op->layers_info)) {
+                       gf_free(op);
                         return GF_NON_COMPLIANT_BITSTREAM;
+               }
                 for (j = 0; j < op->layer_count; j++) {
                         op->layers_info[j].ptl_idx = gf_bs_read_u8(bs);
                         op->layers_info[j].layer_id = gf_bs_read_int(bs, 6);
author	jeanlf <jeanlf@gpac.io>
	Mon, 10 May 2021 09:26:57 +0000 (11:26 +0200)
committer	Aron Xu <aron@debian.org>
	Tue, 23 May 2023 11:53:25 +0000 (12:53 +0100)