fixes #2633 - 3 segv + memleak

src/filters/isoffin_load.c

@@ -89,7 +89,7 @@ static void isor_get_chapters(GF_ISOFile *file, GF_FilterPid *opid)
 		GF_TextSample *txt = gf_isom_parse_text_sample(bs);
 		if (txt) {
 			times.vals[i] = (u32) s->DTS;
-			names.vals[i] = gf_strdup(txt->text);
+			names.vals[i] = gf_strdup(txt->text ? txt->text : "");
 			gf_isom_delete_text_sample(txt);
 		}
 		gf_bs_del(bs);
@@ -1105,7 +1105,7 @@ static void isor_declare_track(ISOMReader *read, ISOMChannel *ch, u32 track, u32
 		gf_odf_desc_del((GF_Descriptor *)lang_desc);
 		lang_desc = NULL;
 	}
-	
+
 	if (read->smode != MP4DMX_SINGLE) {
 		if ((codec_id==GF_CODECID_LHVC) || (codec_id==GF_CODECID_HEVC)) {
 			Bool signal_lhv = (read->smode==MP4DMX_SPLIT) ? GF_TRUE : GF_FALSE;
@@ -1750,7 +1750,7 @@ GF_Err isor_declare_objects(ISOMReader *read)
 		GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, ("[IsoMedia] No suitable tracks in file\n"));
 		return GF_NOT_SUPPORTED;
 	}
-	
+
 	/*if cover art, declare a video pid*/
 	if (gf_isom_apple_get_tag(read->mov, GF_ISOM_ITUNE_COVER_ART, &tag, &tlen)==GF_OK) {
 
@@ -1853,7 +1853,7 @@ Bool isor_declare_item_properties(ISOMReader *read, ISOMChannel *ch, u32 item_id
 
 	if (read->itemid)
 		gf_filter_pid_set_property(pid, GF_PROP_PID_ITEM_ID, &PROP_UINT(item_id));
-		
+
 	if ((item_codecid==GF_CODECID_HEVC) && gf_isom_meta_item_has_ref(read->mov, GF_TRUE, 0, item_id, GF_ISOM_REF_TBAS)) {
 		gf_filter_pid_set_property(pid, GF_PROP_PID_TILE_BASE, &PROP_BOOL(GF_TRUE));
 	}
@@ -1948,6 +1948,3 @@ Bool isor_declare_item_properties(ISOMReader *read, ISOMChannel *ch, u32 item_id
 }
 
 #endif // !defined(GPAC_DISABLE_ISOM) && !defined(GPAC_DISABLE_MP4DMX)
-
-
-

src/filters/mux_isom.c

@@ -1027,7 +1027,7 @@ static GF_Err mp4_mux_setup_pid(GF_Filter *filter, GF_FilterPid *pid, Bool is_tr
 		gf_filter_pid_set_property(ctx->opid, GF_PROP_PID_STREAM_TYPE, &PROP_UINT(GF_STREAM_FILE) );
 
 		mux_assign_mime_file_ext(pid, ctx->opid, ISOM_FILE_EXT, ISOM_FILE_MIME, NULL);
-		
+
 		gf_filter_pid_set_property(ctx->opid, GF_PROP_PID_DASH_MODE, NULL);
 		//we dispatch timing in milliseconds
 		gf_filter_pid_set_property(ctx->opid, GF_PROP_PID_TIMESCALE, &PROP_UINT(1000));
@@ -1080,7 +1080,7 @@ static GF_Err mp4_mux_setup_pid(GF_Filter *filter, GF_FilterPid *pid, Bool is_tr
 		GF_FilterEvent evt;
 		GF_SAFEALLOC(tkw, TrackWriter);
 		if (!tkw) return GF_OUT_OF_MEM;
-		
+
 		gf_list_add(ctx->tracks, tkw);
 		tkw->ipid = pid;
 		tkw->fake_track = !is_true_pid;
@@ -2615,7 +2615,7 @@ static GF_Err mp4_mux_setup_pid(GF_Filter *filter, GF_FilterPid *pid, Bool is_tr
 				return e;
 			}
 		}
-		
+
 		if (xps_inband) {
 			//this will cleanup all PS in avcC / svcC
 			gf_isom_avc_set_inband_config(ctx->file, tkw->track_num, tkw->stsd_idx, (xps_inband==XPS_IB_BOTH) ? GF_TRUE : GF_FALSE);
@@ -3213,7 +3213,7 @@ static GF_Err mp4_mux_setup_pid(GF_Filter *filter, GF_FilterPid *pid, Bool is_tr
 				GF_LOG(GF_LOG_WARNING, GF_LOG_CONTAINER, ("[MP4Mux] muxing unknown codec ID %s, using generic sample entry with 4CC \"%s\"\n", gf_codecid_name(codec_id), gf_4cc_to_str(m_subtype) ));
 			}
 		}
-		
+
 		e = gf_isom_new_generic_sample_description(ctx->file, tkw->track_num, (char *)src_url, NULL, &udesc, &tkw->stsd_idx);
 		if (gpac_meta_dsi) gf_free(gpac_meta_dsi);
 
@@ -3762,7 +3762,7 @@ static GF_Err mp4_mux_setup_pid(GF_Filter *filter, GF_FilterPid *pid, Bool is_tr
 					if (add_chap) {
 						gf_isom_add_chapter(ctx->file, 0, start_time, p2->value.string_list.vals[j]);
 					}
-					if (add_tk) {
+					if (add_tk && p2->value.string_list.vals[j]) {
 						GF_TextSample tx;
 						memset(&tx, 0, sizeof(tx));
 						tx.text = p2->value.string_list.vals[j];
@@ -4363,7 +4363,7 @@ static GF_Err mp4_mux_cenc_update(GF_MP4MuxCtx *ctx, TrackWriter *tkw, GF_Filter
 			tkw->has_seig = GF_TRUE;
 		}
 	} else {
-	
+
 		e = GF_OK;
 		//multikey ALWAYS uses seig
 		if (tkw->cenc_ki->value.data.ptr[0])
@@ -5014,7 +5014,7 @@ static GF_Err mp4_mux_process_sample(GF_MP4MuxCtx *ctx, TrackWriter *tkw, GF_Fil
 				tkw->gdr_type = sap_type;
 		}
 	}
-	
+
 	subs = gf_filter_pck_get_property(pck, GF_PROP_PCK_SUBS);
 	if (subs) {
 		//if no AUDelim nal and inband header injection, push new subsample
@@ -7107,7 +7107,7 @@ static void mp4_mux_config_timing(GF_MP4MuxCtx *ctx)
 		if (blocking_refs && has_ready) {
 			GF_LOG(GF_LOG_WARNING, GF_LOG_CONTAINER, ("[MP4Mux] Blocking input packets present, aborting initial timing sync\n"));
 		}
-		//this may be quite long until we have a packet in case input pid is video encoding 
+		//this may be quite long until we have a packet in case input pid is video encoding
 		else if (ctx->config_retry_start && (gf_sys_clock() - ctx->config_retry_start > 10000)) {
 			GF_LOG(GF_LOG_WARNING, GF_LOG_CONTAINER, ("[MP4Mux] No input packets present on one or more inputs for more than 10s, aborting initial timing sync\n"));
 		} else {
@@ -7908,7 +7908,7 @@ static GF_Err mp4_mux_done(GF_MP4MuxCtx *ctx, Bool is_final)
 		}
 
 		gf_isom_purge_track_reference(ctx->file, tkw->track_num);
-		
+
 		if (ctx->importer && ctx->dur.num && ctx->dur.den) {
 			u64 mdur = gf_isom_get_media_duration(ctx->file, tkw->track_num);
 			u64 pdur = gf_isom_get_track_duration(ctx->file, tkw->track_num);
@@ -8392,4 +8392,3 @@ const GF_FilterRegister *mp4mx_register(GF_FilterSession *session)
 	return NULL;
 }
 #endif // GPAC_DISABLE_ISOM_WRITE
-

src/isomedia/media.c

@@ -392,6 +392,8 @@ GF_Err Media_GetESD(GF_MediaBox *mdia, u32 sampleDescIndex, GF_ESD **out_esd, Bo
 			return GF_ISOM_INVALID_MEDIA;
 		} else {
 			GF_LASeRSampleEntryBox*ptr = (GF_LASeRSampleEntryBox*)entry;
+			if (!ptr || !ptr->lsr_config || !ptr->lsr_config->hdr_size)
+				return GF_ISOM_INVALID_MEDIA;
 			esd =  gf_odf_desc_esd_new(2);
 			*out_esd = esd;
 			esd->decoderConfig->streamType = GF_STREAM_SCENE;
@@ -1071,7 +1073,7 @@ GF_Err Media_AddSample(GF_MediaBox *mdia, u64 data_offset, const GF_ISOSample *s
 		e = stbl_AddChunkOffset(mdia, sampleNumber, StreamDescIndex, data_offset, sample->nb_pack);
 		if (e) return e;
 	}
-	
+
 	if (!syncShadowNumber) return GF_OK;
 	if (!stbl->ShadowSync) {
 		stbl->ShadowSync = (GF_ShadowSyncBox *) gf_isom_box_new_parent(&stbl->child_boxes, GF_ISOM_BOX_TYPE_STSH);

src/isomedia/tx3g.c

@@ -102,12 +102,14 @@ GF_Err gf_isom_get_text_description(GF_ISOFile *movie, u32 trackNumber, u32 desc
 		(*out_desc)->displayFlags = txt->displayFlags;
 		(*out_desc)->vert_justif = txt->vertical_justification;
 		(*out_desc)->horiz_justif = txt->horizontal_justification;
-		(*out_desc)->font_count = txt->font_table->entry_count;
-		(*out_desc)->fonts = (GF_FontRecord *) gf_malloc(sizeof(GF_FontRecord) * txt->font_table->entry_count);
-		for (i=0; i<txt->font_table->entry_count; i++) {
-			(*out_desc)->fonts[i].fontID = txt->font_table->fonts[i].fontID;
-			if (txt->font_table->fonts[i].fontName)
-				(*out_desc)->fonts[i].fontName = gf_strdup(txt->font_table->fonts[i].fontName);
+		if (txt->font_table && txt->font_table->entry_count) {
+			(*out_desc)->font_count = txt->font_table->entry_count;
+			(*out_desc)->fonts = (GF_FontRecord *) gf_malloc(sizeof(GF_FontRecord) * txt->font_table->entry_count);
+			for (i=0; i<txt->font_table->entry_count; i++) {
+				(*out_desc)->fonts[i].fontID = txt->font_table->fonts[i].fontID;
+				if (txt->font_table->fonts[i].fontName)
+					(*out_desc)->fonts[i].fontName = gf_strdup(txt->font_table->fonts[i].fontName);
+			}
 		}
 	}
 	return GF_OK;
@@ -663,9 +665,12 @@ GF_TextSample *gf_isom_parse_text_sample(GF_BitStream *bs)
 	}
 
 	while (gf_bs_available(bs)) {
-		GF_Box *a;
+		GF_Box *a = NULL;
 		GF_Err e = gf_isom_box_parse(&a, bs);
-		if (e) break;
+		if (e) {
+			if (a) gf_isom_box_del(a);
+			break;
+		}
 
 		switch (a->type) {
 		case GF_ISOM_BOX_TYPE_STYL: