File CVE-2019-9371.patch of Package libvpx.14316
commit cb5a9477073cf7ae4a28356d6e3e5638aba78dc9
Author: Angie Chiang <angiebird@google.com>
Date: Tue Nov 20 14:41:20 2018 -0800
Fix a potential memory leak in mkvparser.cc
BUG=webm:1575
Change-Id: Id9a903e14daaab7b93df3a2f443d2f196dbe9104
Index: third_party/libwebm/mkvparser/mkvparser.cc
===================================================================
--- third_party/libwebm/mkvparser/mkvparser.cc.orig
+++ third_party/libwebm/mkvparser/mkvparser.cc
@@ -5296,8 +5296,8 @@ long VideoTrack::Parse(Segment* pSegment
const long long stop = pos + s.size;
- Colour* colour = NULL;
- Projection* projection = NULL;
+ std::unique_ptr<Colour> colour_ptr;
+ std::unique_ptr<Projection> projection_ptr;
while (pos < stop) {
long long id, size;
@@ -5346,13 +5346,22 @@ long VideoTrack::Parse(Segment* pSegment
if (rate <= 0)
return E_FILE_FORMAT_INVALID;
} else if (id == libwebm::kMkvColour) {
- if (!Colour::Parse(pReader, pos, size, &colour))
+ Colour* colour = NULL;
+ if (!Colour::Parse(pReader, pos, size, &colour)) {
return E_FILE_FORMAT_INVALID;
+ } else {
+ colour_ptr.reset(colour);
+ }
} else if (id == libwebm::kMkvProjection) {
- if (!Projection::Parse(pReader, pos, size, &projection))
+ Projection* projection = NULL;
+ if (!Projection::Parse(pReader, pos, size, &projection)) {
return E_FILE_FORMAT_INVALID;
+ } else {
+ projection_ptr.reset(projection);
+ }
}
+
pos += size; // consume payload
if (pos > stop)
return E_FILE_FORMAT_INVALID;
@@ -5381,8 +5390,8 @@ long VideoTrack::Parse(Segment* pSegment
pTrack->m_display_unit = display_unit;
pTrack->m_stereo_mode = stereo_mode;
pTrack->m_rate = rate;
- pTrack->m_colour = colour;
- pTrack->m_projection = projection;
+ pTrack->m_colour = colour_ptr.release();
+ pTrack->m_projection = projection_ptr.release();
pResult = pTrack;
return 0; // success