[FFmpeg-cvslog] avcodec/h264_slice: More complete cleanup in h264_slice_header_init()

Michael Niedermayer git at videolan.org
Wed Jun 17 22:09:51 CEST 2015 

ffmpeg | branch: release/2.2 | Michael Niedermayer <michaelni at gmx.at> | Thu Aug 21 16:33:03 2014 +0200| [cea2106fb2e1fc541691ab9b3fe54000aeb14f19] | committer: Michael Niedermayer

avcodec/h264_slice: More complete cleanup in h264_slice_header_init()

Fixes null pointer dereference
Fixes Ticket3873

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 1fa35e4352cc39894987e14de464e3d72b55739f)

Conflicts:

	libavcodec/h264_slice.c

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cea2106fb2e1fc541691ab9b3fe54000aeb14f19
---

 libavcodec/h264.c |   16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index 37b9d34..870aedd 100644
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -3351,7 +3351,7 @@ static int h264_slice_header_init(H264Context *h, int reinit)
     ret = ff_h264_alloc_tables(h);
     if (ret < 0) {
         av_log(h->avctx, AV_LOG_ERROR, "Could not allocate memory\n");
-        return ret;
+        goto fail;
     }
 
     if (nb_slices > MAX_THREADS || (nb_slices > h->mb_height && h->mb_height)) {
@@ -3370,14 +3370,16 @@ static int h264_slice_header_init(H264Context *h, int reinit)
         ret = context_init(h);
         if (ret < 0) {
             av_log(h->avctx, AV_LOG_ERROR, "context_init() failed.\n");
-            return ret;
+            goto fail;
         }
     } else {
         for (i = 1; i < h->slice_context_count; i++) {
             H264Context *c;
             c                    = h->thread_context[i] = av_mallocz(sizeof(H264Context));
-            if (!c)
-                return AVERROR(ENOMEM);
+            if (!c) {
+                ret = AVERROR(ENOMEM);
+                goto fail;
+            }
             c->avctx             = h->avctx;
             if (CONFIG_ERROR_RESILIENCE) {
                 c->dsp               = h->dsp;
@@ -3416,13 +3418,17 @@ static int h264_slice_header_init(H264Context *h, int reinit)
         for (i = 0; i < h->slice_context_count; i++)
             if ((ret = context_init(h->thread_context[i])) < 0) {
                 av_log(h->avctx, AV_LOG_ERROR, "context_init() failed.\n");
-                return ret;
+                goto fail;
             }
     }
 
     h->context_initialized = 1;
 
     return 0;
+fail:
+    free_tables(h, 0);
+    h->context_initialized = 0;
+    return ret;
 }
 
 int ff_set_ref_count(H264Context *h)

More information about the ffmpeg-cvslog mailing list