diff mbox series

[FFmpeg-devel,01/11] avcodec/movtextdec: Reset counter of fonts when freeing them

Message ID 20201017182248.577108-1-andreas.rheinhardt@gmail.com
State Accepted
Commit 5758620560f1aa329a26ca1585dc0dbd903522c4
Headers show
Series [FFmpeg-devel,01/11] avcodec/movtextdec: Reset counter of fonts when freeing them | expand

Checks

Context Check Description
andriy/x86_make success Make finished
andriy/x86_make_fate success Make fate finished

Commit Message

Andreas Rheinhardt Oct. 17, 2020, 6:22 p.m. UTC 
If allocating fonts fails when reading the header, all fonts are freed,
yet the counter of fonts is not reset and no error is returned; when
subtitles are decoded lateron, the inexistent list of fonts is searched
for the matching font for this particular entry which of course leads to
a segfault.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
---
 libavcodec/movtextdec.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

Comments

Philip Langdale Oct. 18, 2020, 10:57 p.m. UTC | #1 
On Sat, 17 Oct 2020 20:22:38 +0200
Andreas Rheinhardt <andreas.rheinhardt@gmail.com> wrote:

> If allocating fonts fails when reading the header, all fonts are
> freed, yet the counter of fonts is not reset and no error is
> returned; when subtitles are decoded lateron, the inexistent list of
> fonts is searched for the matching font for this particular entry
> which of course leads to a segfault.

Hi Andreas,

I looked through the whole series. Looks good. Thanks for doing all of
this.

--phil
 
> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
> ---
>  libavcodec/movtextdec.c | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
> 
> diff --git a/libavcodec/movtextdec.c b/libavcodec/movtextdec.c
> index 4a21dbf36d..068bdb7802 100644
> --- a/libavcodec/movtextdec.c
> +++ b/libavcodec/movtextdec.c
> @@ -148,6 +148,7 @@ static void mov_text_cleanup_ftab(MovTextContext
> *m) }
>      }
>      av_freep(&m->ftab);
> +    m->ftab_entries = 0;
>  }
>  
>  static int mov_text_tx3g(AVCodecContext *avctx, MovTextContext *m)
> @@ -230,7 +231,6 @@ static int mov_text_tx3g(AVCodecContext *avctx,
> MovTextContext *m) box_size += 3;
>          if (avctx->extradata_size < box_size) {
>              mov_text_cleanup_ftab(m);
> -            m->ftab_entries = 0;
>              return -1;
>          }
>          m->ftab_temp = av_mallocz(sizeof(*m->ftab_temp));
> @@ -245,7 +245,6 @@ static int mov_text_tx3g(AVCodecContext *avctx,
> MovTextContext *m) box_size = box_size + font_length;
>          if (avctx->extradata_size < box_size) {
>              mov_text_cleanup_ftab(m);
> -            m->ftab_entries = 0;
>              return -1;
>          }
>          m->ftab_temp->font = av_malloc(font_length + 1);
diff mbox series

Patch

diff --git a/libavcodec/movtextdec.c b/libavcodec/movtextdec.c
index 4a21dbf36d..068bdb7802 100644
--- a/libavcodec/movtextdec.c
+++ b/libavcodec/movtextdec.c
@@ -148,6 +148,7 @@  static void mov_text_cleanup_ftab(MovTextContext *m)
         }
     }
     av_freep(&m->ftab);
+    m->ftab_entries = 0;
 }
 
 static int mov_text_tx3g(AVCodecContext *avctx, MovTextContext *m)
@@ -230,7 +231,6 @@  static int mov_text_tx3g(AVCodecContext *avctx, MovTextContext *m)
         box_size += 3;
         if (avctx->extradata_size < box_size) {
             mov_text_cleanup_ftab(m);
-            m->ftab_entries = 0;
             return -1;
         }
         m->ftab_temp = av_mallocz(sizeof(*m->ftab_temp));
@@ -245,7 +245,6 @@  static int mov_text_tx3g(AVCodecContext *avctx, MovTextContext *m)
         box_size = box_size + font_length;
         if (avctx->extradata_size < box_size) {
             mov_text_cleanup_ftab(m);
-            m->ftab_entries = 0;
             return -1;
         }
         m->ftab_temp->font = av_malloc(font_length + 1);