| Message ID | 20200915074000.102622-15-andreas.rheinhardt@gmail.com |
|---|---|
| State | Accepted |
| Commit | e411a3af11e5d00a311f594a45c17f74898cb46e |
| Headers | show |
| Series | [FFmpeg-devel,01/30] avcodec/flashsvenc: Avoid allocation of buffer, fix memleak | expand |
| Context | Check | Description |
|---|---|---|
| andriy/default | pending | |
| andriy/make | success | Make finished |
| andriy/make_fate | success | Make fate finished |
On Tue, Sep 15, 2020 at 09:39:45AM +0200, Andreas Rheinhardt wrote: > If allocating the tiles array for indeo 4/5 fails, the context is in an > inconsistent state, because the counter for the number of tiles is > 0. > This will lead to a segfault when freeing the tiles' substructures. > Fix this by setting the number of tiles to zero if the allocation was > unsuccessfull. > > Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> > --- > libavcodec/ivi.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > looks ok
diff --git a/libavcodec/ivi.c b/libavcodec/ivi.c index c5c50fb5c1..c10984e83e 100644 --- a/libavcodec/ivi.c +++ b/libavcodec/ivi.c @@ -442,8 +442,10 @@ av_cold int ff_ivi_init_tiles(IVIPlaneDesc *planes, av_freep(&band->tiles); band->tiles = av_mallocz_array(band->num_tiles, sizeof(IVITile)); - if (!band->tiles) + if (!band->tiles) { + band->num_tiles = 0; return AVERROR(ENOMEM); + } /* use the first luma band as reference for motion vectors * and quant */
If allocating the tiles array for indeo 4/5 fails, the context is in an inconsistent state, because the counter for the number of tiles is > 0. This will lead to a segfault when freeing the tiles' substructures. Fix this by setting the number of tiles to zero if the allocation was unsuccessfull. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> --- libavcodec/ivi.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)