File CVE-2019-9371.patch of Package libvpx.14316

commit cb5a9477073cf7ae4a28356d6e3e5638aba78dc9
Author: Angie Chiang <angiebird@google.com>
Date:   Tue Nov 20 14:41:20 2018 -0800

    Fix a potential memory leak in mkvparser.cc
    
    BUG=webm:1575
    
    Change-Id: Id9a903e14daaab7b93df3a2f443d2f196dbe9104

Index: third_party/libwebm/mkvparser/mkvparser.cc
===================================================================
--- third_party/libwebm/mkvparser/mkvparser.cc.orig
+++ third_party/libwebm/mkvparser/mkvparser.cc
@@ -5296,8 +5296,8 @@ long VideoTrack::Parse(Segment* pSegment
 
   const long long stop = pos + s.size;
 
-  Colour* colour = NULL;
-  Projection* projection = NULL;
+  std::unique_ptr<Colour> colour_ptr;
+  std::unique_ptr<Projection> projection_ptr;
 
   while (pos < stop) {
     long long id, size;
@@ -5346,13 +5346,22 @@ long VideoTrack::Parse(Segment* pSegment
       if (rate <= 0)
         return E_FILE_FORMAT_INVALID;
     } else if (id == libwebm::kMkvColour) {
-      if (!Colour::Parse(pReader, pos, size, &colour))
+      Colour* colour = NULL;
+      if (!Colour::Parse(pReader, pos, size, &colour)) {
         return E_FILE_FORMAT_INVALID;
+      } else {
+        colour_ptr.reset(colour);
+      }
     } else if (id == libwebm::kMkvProjection) {
-      if (!Projection::Parse(pReader, pos, size, &projection))
+      Projection* projection = NULL;
+      if (!Projection::Parse(pReader, pos, size, &projection)) {
         return E_FILE_FORMAT_INVALID;
+      } else {
+        projection_ptr.reset(projection);
+      }
     }
 
+
     pos += size;  // consume payload
     if (pos > stop)
       return E_FILE_FORMAT_INVALID;
@@ -5381,8 +5390,8 @@ long VideoTrack::Parse(Segment* pSegment
   pTrack->m_display_unit = display_unit;
   pTrack->m_stereo_mode = stereo_mode;
   pTrack->m_rate = rate;
-  pTrack->m_colour = colour;
-  pTrack->m_projection = projection;
+  pTrack->m_colour = colour_ptr.release();
+  pTrack->m_projection = projection_ptr.release();
 
   pResult = pTrack;
   return 0;  // success
openSUSE Build Service is sponsored by