qtdemux: fix leak by flushing previous sample info from trak

In fragmented streaming, multiple moov/moof will be parsed and their
previously stored samples array might leak when new values are parsed.
The parse_trak and callees won't free the previously stored values
before parsing the new ones.

In step-by-step, this is what happens:

1) initial moov is parsed, traks as well, streams are created. The
   trak doesn't contain samples because they are in the moof's trun
   boxes. n_samples is set to 0 while parsing the trak and the samples
   array is still NULL.
2) moofs are parsed, and their trun boxes will increase n_samples and
   create/extend the samples array
3) At some point a new moov might be sent (bitrate switching, for example)
   and parsing the trak will overwrite n_samples with the values from
   this trak. If the n_samples is set to 0 qtdemux will assume that
   the samples array is NULL and will leak it when a new one is
   created for the subsequent moofs.

This patch makes qtdemux properly free previous sample data before
creating new ones and adds an assert to catch future occurrences of
this issue when the code changes.

diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c
index 52053f8..d352653 100644 (file)
--- a/gst/isomp4/qtdemux.c
+++ b/gst/isomp4/qtdemux.c
@@ -2680,10 +2680,11 @@ qtdemux_parse_trun (GstQTDemux * qtdemux, GstByteReader * trun,
       sizeof (QtDemuxSample) / (1024.0 * 1024.0));
 
   /* create a new array of samples if it's the first sample parsed */
-  if (stream->n_samples == 0)
+  if (stream->n_samples == 0) {
+    g_assert (stream->samples == NULL);
     stream->samples = g_try_new0 (QtDemuxSample, samples_count);
-  /* or try to reallocate it with space enough to insert the new samples */
-  else
+    /* or try to reallocate it with space enough to insert the new samples */
+  } else
     stream->samples = g_try_renew (QtDemuxSample, stream->samples,
         stream->n_samples + samples_count);
   if (stream->samples == NULL)
@@ -6772,6 +6773,7 @@ qtdemux_stbl_init (GstQTDemux * qtdemux, QtDemuxStream * stream, GNode * stbl)
     return FALSE;
   }
 
+  g_assert (stream->samples == NULL);
   stream->samples = g_try_new0 (QtDemuxSample, stream->n_samples);
   if (!stream->samples) {
     GST_WARNING_OBJECT (qtdemux, "failed to allocate %d samples",
@@ -7817,6 +7819,9 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak)
       GST_WARNING_OBJECT (qtdemux, "Stream not found, going to ignore it");
       goto skip_track;
     }
+
+    /* flush samples data from this track from previous moov */
+    gst_qtdemux_stream_flush_samples_data (qtdemux, stream);
   }
 
   if (stream->pending_tags == NULL)