avcodec/pgssubdec: Free subtitle on error

Fixes: Assertion failure
Fixes: 19753/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGSSUB_fuzzer-5688461843759104
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

diff --git a/libavcodec/pgssubdec.c b/libavcodec/pgssubdec.c
index 8c10f6d5733138e8ed0b6557214ead79e1822ef5..7fadcb8b4bc0ada0cbaf4c7ea0b32f475f89999b 100644 (file)
--- a/libavcodec/pgssubdec.c
+++ b/libavcodec/pgssubdec.c
@@ -691,8 +691,11 @@ static int decode(AVCodecContext *avctx, void *data, int *data_size,
             ret = AVERROR_INVALIDDATA;
             break;
         }
-        if (ret < 0 && (avctx->err_recognition & AV_EF_EXPLODE))
+        if (ret < 0 && (avctx->err_recognition & AV_EF_EXPLODE)) {
+            avsubtitle_free(data);
+            *data_size = 0;
             return ret;
+        }
 
         buf += segment_length;
     }