From bd55bf8300ef2b97c9316d7b2674b07142163e70 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kacper=20Michaj=C5=82ow?= <kasper93@gmail.com>
Date: Wed, 6 Aug 2025 00:36:10 +0200
Subject: [PATCH] avformat/mov: clear old name from infe
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

heif_items are reused and to avoid leaking memory or using stale name,
clear it first.

Fixes: 432505829/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6654363487764480
Found-by: OSS-Fuzz
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
(cherry picked from commit 3bf8bf965fb69f873e52d34a85d1ecb722a9fe7f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/mov.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 94b741f056..86037c6712 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -8957,6 +8957,7 @@ static int mov_read_infe(MOVContext *c, AVIOContext *pb, MOVAtom atom)
         return AVERROR(ENOMEM);
     }
 
+    av_freep(&item->name);
     av_bprint_finalize(&item_name, ret ? &item->name : NULL);
     item->item_id = item_id;
     item->type    = item_type;