From patchwork Tue Feb 15 09:59:08 2022
X-Patchwork-Submitter: Jiasheng Jiang
X-Patchwork-Id: 34304
From: Jiasheng Jiang
To: ffmpeg-devel@ffmpeg.org
Date: Tue, 15 Feb 2022 17:59:08 +0800
Message-Id: <20220215095908.1672123-1-jiasheng@iscas.ac.cn>
Subject: [FFmpeg-devel] [PATCH] avcodec/mlz: Add the check after calling av_mallocz

Due to the potential failure of memory allocation, av_mallocz() may return a NULL pointer if it fails, which is assigned to 'mlz->dict'.
And then 'mlz->dict' will be used in ff_mlz_flush_dict(). Therefore, it should be better to check it and return error if fails in order to prevent the dereference of the NULL pointer. Also, the caller, the decode_init() needs to deal with the return value of ff_mlz_init_dict(). Fixes: 2f7a12fab5 ("avcodec/mlz: clear dict on allocation to ensure there are no uninitialized values") Signed-off-by: Jiasheng Jiang --- libavcodec/alsdec.c | 5 ++++- libavcodec/mlz.c | 6 +++++- libavcodec/mlz.h | 2 +- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c index 9e1aaf065a..2fbb309d33 100644 --- a/libavcodec/alsdec.c +++ b/libavcodec/alsdec.c @@ -2122,7 +2122,10 @@ static av_cold int decode_init(AVCodecContext *avctx) goto fail; } - ff_mlz_init_dict(avctx, ctx->mlz); + ret = ff_mlz_init_dict(avctx, ctx->mlz); + if (ret < 0) + goto fail; + ff_mlz_flush_dict(ctx->mlz); for (c = 0; c < avctx->channels; ++c) { diff --git a/libavcodec/mlz.c b/libavcodec/mlz.c index dbeb7dcad9..b35607cc7c 100644 --- a/libavcodec/mlz.c +++ b/libavcodec/mlz.c @@ -20,8 +20,10 @@ #include "mlz.h" -av_cold void ff_mlz_init_dict(void* context, MLZ *mlz) { +av_cold int ff_mlz_init_dict(void* context, MLZ *mlz) { mlz->dict = av_mallocz(TABLE_SIZE * sizeof(*mlz->dict)); + if (!mlz->dict) + return AVERROR(ENOMEM); mlz->flush_code = FLUSH_CODE; mlz->current_dic_index_max = DIC_INDEX_INIT; @@ -30,6 +32,8 @@ av_cold void ff_mlz_init_dict(void* context, MLZ *mlz) { mlz->next_code = FIRST_CODE; mlz->freeze_flag = 0; mlz->context = context; + + return 0; } av_cold void ff_mlz_flush_dict(MLZ *mlz) { diff --git a/libavcodec/mlz.h b/libavcodec/mlz.h index c3df52c9b4..01f8e78ec2 100644 --- a/libavcodec/mlz.h +++ b/libavcodec/mlz.h @@ -57,7 +57,7 @@ typedef struct MLZ { /** Initialize the dictionary */ -void ff_mlz_init_dict(void* context, MLZ *mlz); +int ff_mlz_init_dict(void* context, MLZ *mlz); /** Flush the dictionary */
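Review bot: in the libavcodec/alsdec.c hunk, the new `goto fail` after ff_mlz_init_dict() is taken with ctx->mlz->dict left NULL, so please confirm that the cleanup reached through `fail` releases ctx->mlz and tolerates a NULL dict. The assignment also relies on `ret` already being declared in decode_init(), which the visible context does not show.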
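Review bot: in the libavcodec/mlz.c hunk, the early `return AVERROR(ENOMEM);` leaves flush_code, current_dic_index_max, next_code, freeze_flag and context unset, which is acceptable only if every caller stops on error; this patch updates decode_init() alone, so any other caller of ff_mlz_init_dict() needs the same check. Please also confirm that AVERROR and ENOMEM are reachable in mlz.c through "mlz.h", since the hunk adds no include.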
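Review bot: in the libavcodec/mlz.h hunk, the comment above ff_mlz_init_dict() still reads only "Initialize the dictionary" although the prototype now returns int. Document the return value there, for example `@return 0 on success, AVERROR(ENOMEM) if the dictionary cannot be allocated`, so callers know the result must be checked.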