[FFmpeg-cvslog] jpeg2000: fix dereferencing invalid pointers

Michael Niedermayer git at videolan.org
Fri Aug 23 18:13:07 CEST 2013


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Fri Aug 23 17:18:21 2013 +0200| [912ce9dd2080c5837285a471d750fa311e09b555] | committer: Michael Niedermayer

jpeg2000: fix dereferencing invalid pointers

Found-by: Laurent Butti <laurentb at gmail.com>
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=912ce9dd2080c5837285a471d750fa311e09b555
---

 libavcodec/jpeg2000.c |   14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/libavcodec/jpeg2000.c b/libavcodec/jpeg2000.c
index cb1a64d..dc33110 100644
--- a/libavcodec/jpeg2000.c
+++ b/libavcodec/jpeg2000.c
@@ -272,7 +272,7 @@ int ff_jpeg2000_init_component(Jpeg2000Component *comp,
                                         reslevel->log2_prec_height) -
                 (reslevel->coord[1][0] >> reslevel->log2_prec_height);
 
-        reslevel->band = av_malloc_array(reslevel->nbands, sizeof(*reslevel->band));
+        reslevel->band = av_calloc(reslevel->nbands, sizeof(*reslevel->band));
         if (!reslevel->band)
             return AVERROR(ENOMEM);
 
@@ -368,7 +368,7 @@ int ff_jpeg2000_init_component(Jpeg2000Component *comp,
             for (j = 0; j < 2; j++)
                 band->coord[1][j] = ff_jpeg2000_ceildiv(band->coord[1][j], dy);
 
-            band->prec = av_malloc_array(reslevel->num_precincts_x *
+            band->prec = av_calloc(reslevel->num_precincts_x *
                                          (uint64_t)reslevel->num_precincts_y,
                                          sizeof(*band->prec));
             if (!band->prec)
@@ -509,10 +509,12 @@ void ff_jpeg2000_cleanup(Jpeg2000Component *comp, Jpeg2000CodingStyle *codsty)
         for (bandno = 0; bandno < reslevel->nbands; bandno++) {
             Jpeg2000Band *band = reslevel->band + bandno;
             for (precno = 0; precno < reslevel->num_precincts_x * reslevel->num_precincts_y; precno++) {
-                Jpeg2000Prec *prec = band->prec + precno;
-                av_freep(&prec->zerobits);
-                av_freep(&prec->cblkincl);
-                av_freep(&prec->cblk);
+                if (band->prec) {
+                    Jpeg2000Prec *prec = band->prec + precno;
+                    av_freep(&prec->zerobits);
+                    av_freep(&prec->cblkincl);
+                    av_freep(&prec->cblk);
+                }
             }
 
             av_freep(&band->prec);



More information about the ffmpeg-cvslog mailing list