[FFmpeg-cvslog] diracdec: clear slice_params_num_buf on allocation failure

Andreas Cadhalpun git at videolan.org
Fri Nov 18 01:08:39 EET 2016


ffmpeg | branch: release/3.2 | Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com> | Fri Nov  4 19:00:01 2016 +0100| [b9a24cee3ba0c0b27a41d71cde5f002296d10e86] | committer: Andreas Cadhalpun

diracdec: clear slice_params_num_buf on allocation failure

Otherwise it can be non-zero next time decode_lowdelay is called, causing
slice_params_buf not to be allocated, leading to a NULL pointer dereference.

The problem was introduced in commit
dcad4677d637cd2f701917e38361fa96b8c9a418.

Reviewed-by: Rostislav Pehlivanov <atomnuker at gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
(cherry picked from commit 24d20496d2e6e1df6456c5231d892269dd1fcf38)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b9a24cee3ba0c0b27a41d71cde5f002296d10e86
---

 libavcodec/diracdec.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c
index 5c669ff..bb314d0 100644
--- a/libavcodec/diracdec.c
+++ b/libavcodec/diracdec.c
@@ -910,6 +910,7 @@ static int decode_lowdelay(DiracContext *s)
         s->slice_params_buf = av_realloc_f(s->slice_params_buf, s->num_x * s->num_y, sizeof(DiracSlice));
         if (!s->slice_params_buf) {
             av_log(s->avctx, AV_LOG_ERROR, "slice params buffer allocation failure\n");
+            s->slice_params_num_buf = 0;
             return AVERROR(ENOMEM);
         }
         s->slice_params_num_buf = s->num_x * s->num_y;



More information about the ffmpeg-cvslog mailing list