[FFmpeg-cvslog] avcodec/mpeg12dec: ensure a53_caption_size is reset on malloc failures

Aman Gupta git at videolan.org
Thu Nov 16 04:16:40 EET 2017


ffmpeg | branch: master | Aman Gupta <aman at tmm1.net> | Wed Mar 15 12:53:04 2017 -0700| [ff8f40a63092b184d7fe4416660adbba8d90849d] | committer: Aman Gupta

avcodec/mpeg12dec: ensure a53_caption_size is reset on malloc failures

Signed-off-by: Aman Gupta <aman at tmm1.net>
Reviewed-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ff8f40a63092b184d7fe4416660adbba8d90849d
---

 libavcodec/mpeg12dec.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/libavcodec/mpeg12dec.c b/libavcodec/mpeg12dec.c
index e2a7c3f2e0..d5bc5f21b2 100644
--- a/libavcodec/mpeg12dec.c
+++ b/libavcodec/mpeg12dec.c
@@ -2235,8 +2235,11 @@ static int mpeg_decode_a53_cc(AVCodecContext *avctx,
             av_freep(&s1->a53_caption);
             s1->a53_caption_size = cc_count * 3;
             s1->a53_caption      = av_malloc(s1->a53_caption_size);
-            if (s1->a53_caption)
+            if (!s1->a53_caption) {
+                s1->a53_caption_size = 0;
+            } else {
                 memcpy(s1->a53_caption, p + 7, s1->a53_caption_size);
+            }
             avctx->properties |= FF_CODEC_PROPERTY_CLOSED_CAPTIONS;
         }
         return 1;
@@ -2253,7 +2256,9 @@ static int mpeg_decode_a53_cc(AVCodecContext *avctx,
             av_freep(&s1->a53_caption);
             s1->a53_caption_size = cc_count * 3;
             s1->a53_caption      = av_mallocz(s1->a53_caption_size);
-            if (s1->a53_caption) {
+            if (!s1->a53_caption) {
+                s1->a53_caption_size = 0;
+            } else {
                 uint8_t field, cc1, cc2;
                 uint8_t *cap = s1->a53_caption;
                 for (i = 0; i < cc_count && get_bits_left(&gb) >= 26; i++) {
@@ -2317,7 +2322,9 @@ static int mpeg_decode_a53_cc(AVCodecContext *avctx,
             av_freep(&s1->a53_caption);
             s1->a53_caption_size = cc_count * 6;
             s1->a53_caption      = av_malloc(s1->a53_caption_size);
-            if (s1->a53_caption) {
+            if (!s1->a53_caption) {
+                s1->a53_caption_size = 0;
+            } else {
                 uint8_t field1 = !!(p[4] & 0x80);
                 uint8_t *cap = s1->a53_caption;
                 p += 5;



More information about the ffmpeg-cvslog mailing list