
[FFmpeg-devel,03/23] avcodec/zmbv: Don't free uninitialized z_stream

Message ID VI1PR0301MB2159078223E442A911868BCD8F589@VI1PR0301MB2159.eurprd03.prod.outlook.com
State Accepted
Commit 9d752ab634f7de9b15a9296a81325b4276e99192
Series [FFmpeg-devel,01/23] avcodec/ljpegenc: Mark encoder as init-threadsafe

Checks

Context Check Description
andriy/x86_make success Make finished
andriy/x86_make_fate success Make fate finished
andriy/PPC64_make success Make finished
andriy/PPC64_make_fate success Make fate finished

Commit Message

Andreas Rheinhardt May 6, 2021, 5:11 a.m. UTC
It is not documented to be safe to call inflateEnd() on a z_stream
that has not been successfully initialized via inflateInit(); so
record whether it has been successfully initialized.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
---
 libavcodec/zmbv.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

Comments

Tomas Härdin May 7, 2021, 7:06 a.m. UTC | #1
tor 2021-05-06 klockan 07:11 +0200 skrev Andreas Rheinhardt:
> It is not documented to be safe to call inflateEnd() on a z_stream
> that has not been successfully initialized via inflateInit(); so
> record whether it has been successfully initialized.
> 
> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>

Seems correct and makes the code cleaner. That memset() really is an
ugly hack. Encoder patch also looks good.

/Tomas

Patch

diff --git a/libavcodec/zmbv.c b/libavcodec/zmbv.c
index e1aba7f059..4cc0476f4d 100644
--- a/libavcodec/zmbv.c
+++ b/libavcodec/zmbv.c
@@ -56,6 +56,7 @@  enum ZmbvFormat {
 typedef struct ZmbvContext {
     AVCodecContext *avctx;
 
+    int zlib_init_ok;
     int bpp;
     int alloc_bpp;
     unsigned int decomp_size;
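Review bot: The new `zlib_init_ok` member of ZmbvContext carries no comment, although it is now the only thing deciding whether the z_stream may be handed to inflateEnd(). A short field comment would keep the invariant visible to anyone adding another init or teardown path, for example `int zlib_init_ok; ///< nonzero once inflateInit() succeeded; decode_end() calls inflateEnd() only then`. The struct continues outside the hunk, so whether neighbouring fields are documented the same way cannot be checked from here.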
@@ -611,9 +612,6 @@  static av_cold int decode_init(AVCodecContext *avctx)
 
     c->bpp = avctx->bits_per_coded_sample;
 
-    // Needed if zlib unused or init aborted before inflateInit
-    memset(&c->zstream, 0, sizeof(z_stream));
-
     if ((avctx->width + 255ULL) * (avctx->height + 64ULL) > FFMIN(avctx->max_pixels, INT_MAX / 4) ) {
         av_log(avctx, AV_LOG_ERROR, "Internal buffer (decomp_size) larger than max_pixels or too large\n");
         return AVERROR_INVALIDDATA;
@@ -637,6 +635,7 @@  static av_cold int decode_init(AVCodecContext *avctx)
         av_log(avctx, AV_LOG_ERROR, "Inflate init error: %d\n", zret);
         return AVERROR_UNKNOWN;
     }
+    c->zlib_init_ok = 1;
 
     return 0;
 }
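Review bot: With the memset() of `c->zstream` removed earlier in decode_init, the inflate initialisation just above this hunk (presumably inflateInit(), going by the error message) now depends on state set outside the visible lines. zlib requires the caller to initialise `zalloc`, `zfree`, `opaque`, `next_in` and `avail_in` before that call, so the code relies either on explicit assignments outside the hunk or on the private context being zero-allocated. The same assumption is what makes `zlib_init_ok` read as 0 on the early `return AVERROR_...` paths. Neither is shown here, so it is worth recording next to the call: `// c->zstream and zlib_init_ok rely on the zero-initialised private context`. decode_init starts outside the hunk.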
@@ -647,9 +646,10 @@  static av_cold int decode_end(AVCodecContext *avctx)
 
     av_freep(&c->decomp_buf);
 
-    inflateEnd(&c->zstream);
     av_freep(&c->cur);
     av_freep(&c->prev);
+    if (c->zlib_init_ok)
+        inflateEnd(&c->zstream);
 
     return 0;
 }