
[FFmpeg-devel,2/3] diracdec: clear slice_params_num_buf on allocation failure

Message ID 8c00645a-6d0e-e434-be6d-462503281999@googlemail.com
State Accepted
Commit 24d20496d2e6e1df6456c5231d892269dd1fcf38

Commit Message

Andreas Cadhalpun Nov. 4, 2016, 6:11 p.m. UTC
Otherwise it can be non-zero next time decode_lowdelay is called, causing
slice_params_buf not to be allocated, leading to a NULL pointer dereference.

The problem was introduced in commit
dcad4677d637cd2f701917e38361fa96b8c9a418.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
---
 libavcodec/diracdec.c | 1 +
 1 file changed, 1 insertion(+)
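
The failure sequence the commit message describes, as an added example that is not FFmpeg code: a constructed C model in which `Ctx`, `ensure`, `realloc_f` and `fail_next_alloc` are hypothetical names. The resize guard that compares against the cached count is an assumption, since the guard itself is not shown on this page.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed model of a context that caches a buffer and its element count. */
typedef struct { int *buf; size_t num_buf; } Ctx;
static int fail_next_alloc; /* test hook: force the next allocation to fail */

/* Realloc-or-free helper: on failure the old block is freed and NULL returned. */
static void *realloc_f(void *p, size_t n, size_t sz)
{
    if (fail_next_alloc) { fail_next_alloc = 0; free(p); return NULL; }
    void *r = realloc(p, n * sz);
    if (!r) free(p);
    return r;
}

/* Returns 0 on success, -1 on allocation failure. */
static int ensure(Ctx *c, size_t need, int reset_on_failure)
{
    if (c->num_buf == need) return 0;      /* assumed guard: trust the cached count */
    c->buf = realloc_f(c->buf, need, sizeof(*c->buf));
    if (!c->buf) {
        if (reset_on_failure) c->num_buf = 0; /* the fix: count matches the freed buffer */
        return -1;
    }
    c->num_buf = need;
    return 0;
}

/* Frame needing 4 slices succeeds, frame needing 8 hits OOM, then 4 again.
 * Returns 1 if the third call reports success while buf is NULL. */
static int stale_count_reached(int reset_on_failure)
{
    Ctx c = { NULL, 0 };
    ensure(&c, 4, reset_on_failure);
    fail_next_alloc = 1;
    ensure(&c, 8, reset_on_failure);
    int bad = ensure(&c, 4, reset_on_failure) == 0 && c.buf == NULL;
    free(c.buf);
    return bad;
}

int main(void)
{
    printf("without reset: %d, with reset: %d\n", stale_count_reached(0), stale_count_reached(1));
    return 0;
}
```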

Comments

Rostislav Pehlivanov Nov. 4, 2016, 7:09 p.m. UTC | #1
On 4 November 2016 at 18:11, Andreas Cadhalpun <
andreas.cadhalpun@googlemail.com> wrote:

> Otherwise it can be non-zero next time decode_lowdelay is called, causing
> slice_params_buf not to be allocated, leading to a NULL pointer
> dereference.
>
> The problem was introduced in commit
> dcad4677d637cd2f701917e38361fa96b8c9a418.
>
> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
> ---
>  libavcodec/diracdec.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c
> index 5c669ff..bb314d0 100644
> --- a/libavcodec/diracdec.c
> +++ b/libavcodec/diracdec.c
> @@ -910,6 +910,7 @@ static int decode_lowdelay(DiracContext *s)
>          s->slice_params_buf = av_realloc_f(s->slice_params_buf, s->num_x
> * s->num_y, sizeof(DiracSlice));
>          if (!s->slice_params_buf) {
>              av_log(s->avctx, AV_LOG_ERROR, "slice params buffer
> allocation failure\n");
> +            s->slice_params_num_buf = 0;
>              return AVERROR(ENOMEM);
>          }
>          s->slice_params_num_buf = s->num_x * s->num_y;
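
Review bot: the added `s->slice_params_num_buf = 0;` repairs this one failure path, but the count remains a second source of truth next to the pointer, and per the commit message a stale non-zero count is enough to skip the allocation on the next call. Having the guard that precedes this hunk also test `!s->slice_params_buf` would keep the NULL dereference from returning if another path ever leaves the two fields out of sync.
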
> --
> 2.10.1
>


LGTM, tnx

Patch

diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c
index 5c669ff..bb314d0 100644
--- a/libavcodec/diracdec.c
+++ b/libavcodec/diracdec.c
@@ -910,6 +910,7 @@  static int decode_lowdelay(DiracContext *s)
         s->slice_params_buf = av_realloc_f(s->slice_params_buf, s->num_x * s->num_y, sizeof(DiracSlice));
         if (!s->slice_params_buf) {
             av_log(s->avctx, AV_LOG_ERROR, "slice params buffer allocation failure\n");
+            s->slice_params_num_buf = 0;
             return AVERROR(ENOMEM);
         }
         s->slice_params_num_buf = s->num_x * s->num_y;
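
Review bot: `s->num_x * s->num_y` is evaluated by the caller, once in the `av_realloc_f` call and again in the final assignment, so the overflow check inside `av_realloc_f` covers only the multiplication by `sizeof(DiracSlice)` and not this product. It is worth confirming that both factors are bounded before this point, and storing the product in a local so the allocated element count and `slice_params_num_buf` cannot diverge. A one-line comment on the new reset stating that the buffer has been freed on failure would also make the invariant explicit.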