avcodec/exr: Cleanup befor return

Fixes: leaks Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-6703454090559488 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-11-23 11:39:47 +00:00 · 2023-04-16 15:18:45 +02:00 · 2023-04-16 15:18:45 +02:00 · 885ff3b879
commit 885ff3b879
parent d31d4f3228
1 changed files with 12 additions and 6 deletions
--- a/libavcodec/exr.c
+++ b/libavcodec/exr.c
@ -1930,8 +1930,10 @@ static int decode_header(EXRContext *s, AVFrame *frame)

            bytestream2_get_buffer(gb, key, FFMIN(sizeof(key) - 1, var_size));
            if (strncmp("scanlineimage", key, var_size) &&
-                strncmp("tiledimage", key, var_size))
-                return AVERROR_PATCHWELCOME;
+                strncmp("tiledimage", key, var_size)) {
+                ret = AVERROR_PATCHWELCOME;
+                goto fail;
+            }

            continue;
        } else if ((var_size = check_header_variable(s, "preview",
@ -1939,12 +1941,16 @@ static int decode_header(EXRContext *s, AVFrame *frame)
            uint32_t pw = bytestream2_get_le32(gb);
            uint32_t ph = bytestream2_get_le32(gb);
            uint64_t psize = pw * ph;
-            if (psize > INT64_MAX / 4)
-                return AVERROR_INVALIDDATA;
+            if (psize > INT64_MAX / 4) {
+                ret = AVERROR_INVALIDDATA;
+                goto fail;
+            }
            psize *= 4;

-            if ((int64_t)psize >= bytestream2_get_bytes_left(gb))
-                return AVERROR_INVALIDDATA;
+            if ((int64_t)psize >= bytestream2_get_bytes_left(gb)) {
+                ret = AVERROR_INVALIDDATA;
+                goto fail;
+            }

            bytestream2_skip(gb, psize);