From patchwork Sun Apr  5 06:31:55 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Peter Ross <pross@xvid.org>
X-Patchwork-Id: 18659
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
X-Original-To: patchwork@ffaux-bg.ffmpeg.org
Delivered-To: patchwork@ffaux-bg.ffmpeg.org
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by ffaux.localdomain (Postfix) with ESMTP id CC1B444A46F
	for <patchwork@ffaux-bg.ffmpeg.org>; Sun,  5 Apr 2020 09:32:14 +0300 (EEST)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id A9EB168B2F3;
	Sun,  5 Apr 2020 09:32:14 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from mx.sdf.org (mx.sdf.org [205.166.94.20])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 957DF68B15A
 for <ffmpeg-devel@ffmpeg.org>; Sun,  5 Apr 2020 09:32:07 +0300 (EEST)
Received: from 5b178d977a9f2e6b51ea376b6f737b11 ([1.152.173.235])
 (authenticated (128 bits))
 by mx.sdf.org (8.15.2/8.14.5) with ESMTPSA id 0356VxHp019422
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits) verified NO)
 for <ffmpeg-devel@ffmpeg.org>; Sun, 5 Apr 2020 06:32:04 GMT
Date: Sun, 5 Apr 2020 16:31:55 +1000
From: Peter Ross <pross@xvid.org>
To: ffmpeg-devel@ffmpeg.org
Message-ID: 
 <cc6c9ed6c32e98d02bf0b65b900eb6f5d5c6512c.1586068235.git.pross@xvid.org>
MIME-Version: 1.0
User-Agent: Mutt/1.10.1 (2018-07-13)
Subject: [FFmpeg-devel] [PATCH 1/2] avcodec/vp9: prevent null pointer use on
 init_frames() failure
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

---
 libavcodec/vp9.c | 6 ++++++
 1 file changed, 6 insertions(+)
Signed-off-by: Peter Ross <pross@xvid.org>
Reviewed-by: James Almer <jamrial@gmail.com>

diff --git a/libavcodec/vp9.c b/libavcodec/vp9.c
index 7ee375d4d0..c125e22975 100644
--- a/libavcodec/vp9.c
+++ b/libavcodec/vp9.c
@@ -1216,18 +1216,24 @@ static av_cold int vp9_decode_free(AVCodecContext *avctx)
     int i;
 
     for (i = 0; i < 3; i++) {
+        if (s->s.frames[i].tf.f) {
         if (s->s.frames[i].tf.f->buf[0])
             vp9_frame_unref(avctx, &s->s.frames[i]);
         av_frame_free(&s->s.frames[i].tf.f);
+        }
     }
     av_buffer_pool_uninit(&s->frame_extradata_pool);
     for (i = 0; i < 8; i++) {
+        if (s->s.refs[i].f) {
         if (s->s.refs[i].f->buf[0])
             ff_thread_release_buffer(avctx, &s->s.refs[i]);
         av_frame_free(&s->s.refs[i].f);
+        }
+        if (s->next_refs[i].f) {
         if (s->next_refs[i].f->buf[0])
             ff_thread_release_buffer(avctx, &s->next_refs[i]);
         av_frame_free(&s->next_refs[i].f);
+        }
     }
 
     free_buffers(s);