From patchwork Fri Nov 4 18:11:28 2016
X-Patchwork-Submitter: Andreas Cadhalpun
X-Patchwork-Id: 1296
From: Andreas Cadhalpun
To: FFmpeg development discussions and patches
Message-ID: <8c00645a-6d0e-e434-be6d-462503281999@googlemail.com>
Date: Fri, 4 Nov 2016 19:11:28 +0100
Subject: [FFmpeg-devel] [PATCH 2/3] diracdec: clear slice_params_num_buf on allocation failure

Otherwise it can be non-zero next time decode_lowdelay is called, causing slice_params_buf not to be allocated, leading to a NULL pointer dereference.

The problem was introduced in commit dcad4677d637cd2f701917e38361fa96b8c9a418.

Signed-off-by: Andreas Cadhalpun

--- libavcodec/diracdec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c index 5c669ff..bb314d0 100644 --- a/libavcodec/diracdec.c +++ b/libavcodec/diracdec.c @@ -910,6 +910,7 @@ static int decode_lowdelay(DiracContext *s) s->slice_params_buf = av_realloc_f(s->slice_params_buf, s->num_x * s->num_y, sizeof(DiracSlice)); if (!s->slice_params_buf) { av_log(s->avctx, AV_LOG_ERROR, "slice params buffer allocation failure\n"); + s->slice_params_num_buf = 0; return AVERROR(ENOMEM); } s->slice_params_num_buf = s->num_x * s->num_y;
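Review bot: The added `s->slice_params_num_buf = 0;` in the `if (!s->slice_params_buf)` branch relies on an invariant the code never states: the count must be 0 whenever the pointer is NULL. In this branch the pointer is already NULL (that is the condition being tested), so without the reset the count from an earlier successful call survives, which is the state the commit message describes. A one-line comment above the assignment saying so would keep a later cleanup from dropping it. It is also worth confirming that any other path that frees or fails to allocate slice_params_buf clears the count as well; those paths are outside this hunk. As a smaller point, `s->num_x * s->num_y` is evaluated once for the allocation and again for the stored count, so computing it once into a local would keep the allocated size and the recorded size from diverging.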