From patchwork Wed Sep 20 00:30:32 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Niedermayer <michael@niedermayer.cc>
X-Patchwork-Id: 43849
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a05:6a20:a886:b0:149:dfde:5c0a with SMTP id ca6csp307047pzb;
        Tue, 19 Sep 2023 17:31:08 -0700 (PDT)
X-Google-Smtp-Source: 
 AGHT+IH2395m/IyDyhczhY1FlocFb8qDyLhtJzHeSVgwZNnaK00I9eicuow8v3//YgK4Gf1G+1JW
X-Received: by 2002:a17:906:cc5c:b0:9ad:a4bd:dc67 with SMTP id
 mm28-20020a170906cc5c00b009ada4bddc67mr704698ejb.50.1695169867895;
        Tue, 19 Sep 2023 17:31:07 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1695169867; cv=none;
        d=google.com; s=arc-20160816;
        b=r8pS8QzbWxtK+qNupfBR7zMr+2pRyPVnOoCz6E6kBRr+kSk2mdUjDk9o4fBX1EO/Jc
         CyrIZrRhfdhKtivw5r3F7DSrwopjgNyZgE+5jY2y1S0q+o0CYeRzSJnFFcr+d6U4lpbU
         8pooP3va/xeEcbO2qn/ZyJlQU5eTxkzxVai8r7f53ejuz7f+CAcgtfQFc770D79iUfGF
         nAUlhIyn2byHqXAYnwARQBALtsTA5zuetHonM27XdXIPvFsA1wHuoGdAOwio/Chw57jC
         acSIr4XNRHzIBB7tMPGz/rRQMR1j6eRBdVi0a7MM00PqsDS8Gozabfh1nAGy8iWQ7Z3k
         Nn7g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=sender:errors-to:content-transfer-encoding:mime-version:reply-to
         :list-subscribe:list-help:list-post:list-archive:list-unsubscribe
         :list-id:precedence:subject:references:in-reply-to:message-id:date
         :to:from:delivered-to;
        bh=0QYPuTv54I1p02wbesHJbJABobqPLNE0aaWMKfY43Fc=;
        fh=e5zN9xSzcxLA6bGo3lF+CqTbY/oLwzApV03EO/RBfgQ=;
        b=yD79codIWWyPlhbRyj1I037MLMI4c6UUR/0QMxhSCh8bPybj1EWPR8A40tik8/ccnv
         K7FopzTyJyk3RC/TA21wEo5Ln4bf+lzXmnVL/PiMSke/gPrzxRlpVRsn+VQJrSlaIDSp
         IL03imHMe0DBptGAMSz3nlOx6pZ0Mv7PuLgfoC8EzWVRCH2g5YUycEGo5Uue1RDbBg+U
         OzN757TAT/NAOpz9vzj/416Ps/IVTeB62mEisDfTeJZj//96nfNdU3yxEzWxA7jVOn95
         UDrlpqwpnq3pU+UmUaDAvU0pcqGqeXXy4farRhf1Y38wjitHFfzbCjTHSvbKgcLwX8Jn
         qTUQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 b6-20020a170906490600b00992f309cfe9si10772677ejq.598.2023.09.19.17.31.07;
        Tue, 19 Sep 2023 17:31:07 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id E2ACD68C91B;
	Wed, 20 Sep 2023 03:30:46 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from relay5-d.mail.gandi.net (relay5-d.mail.gandi.net
 [217.70.183.197])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id A142168C397
 for <ffmpeg-devel@ffmpeg.org>; Wed, 20 Sep 2023 03:30:37 +0300 (EEST)
Received: by mail.gandi.net (Postfix) with ESMTPSA id C88D91C0004
 for <ffmpeg-devel@ffmpeg.org>; Wed, 20 Sep 2023 00:30:36 +0000 (UTC)
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Wed, 20 Sep 2023 02:30:32 +0200
Message-Id: <20230920003034.7241-3-michael@niedermayer.cc>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20230920003034.7241-1-michael@niedermayer.cc>
References: <20230920003034.7241-1-michael@niedermayer.cc>
X-GND-Sasl: michael@niedermayer.cc
Subject: [FFmpeg-devel] [PATCH 3/5] avcodec/utvideodec: move allocation to
 the end of init
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
MIME-Version: 1.0
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: 4OCHSDU0cWwX

Fixes: mem leak
Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_UTVIDEO_fuzzer-6666804266926080

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/utvideodec.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/libavcodec/utvideodec.c b/libavcodec/utvideodec.c
index 7ee07209d47..4987ee0196a 100644
--- a/libavcodec/utvideodec.c
+++ b/libavcodec/utvideodec.c
@@ -985,10 +985,6 @@ static av_cold int decode_init(AVCodecContext *avctx)
         return AVERROR_INVALIDDATA;
     }
 
-    c->buffer = av_calloc(avctx->width + 8, c->pro?2:1);
-    if (!c->buffer)
-        return AVERROR(ENOMEM);
-
     av_pix_fmt_get_chroma_sub_sample(avctx->pix_fmt, &h_shift, &v_shift);
     if ((avctx->width  & ((1<<h_shift)-1)) ||
         (avctx->height & ((1<<v_shift)-1))) {
@@ -1036,6 +1032,10 @@ static av_cold int decode_init(AVCodecContext *avctx)
         return AVERROR_INVALIDDATA;
     }
 
+    c->buffer = av_calloc(avctx->width + 8, c->pro?2:1);
+    if (!c->buffer)
+        return AVERROR(ENOMEM);
+
     return 0;
 }