[FFmpeg-cvslog] avfilter/vf_unsharp: Don't dereference NULL

Andreas Rheinhardt git at videolan.org
Tue Dec 3 10:55:39 EET 2019


ffmpeg | branch: master | Andreas Rheinhardt <andreas.rheinhardt at gmail.com> | Sun Dec  1 10:56:26 2019 +0100| [710ab136931ff228b355d87512b0d4ca4e94656a] | committer: Michael Niedermayer

avfilter/vf_unsharp: Don't dereference NULL

The unsharp filter uses an array of arrays of uint32_t, each of which is
separately allocated. These arrays also need to freed separately; but
before doing so, one needs to check whether the array of arrays has
actually been allocated, otherwise one would dereference a NULL pointer.
This fixes #8408.

Furthermore, the array of arrays needs to be zero-initialized so that
no uninitialized pointer will be freed in case an allocation of one of
the individual arrays fails.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=710ab136931ff228b355d87512b0d4ca4e94656a
---

 libavfilter/vf_unsharp.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/libavfilter/vf_unsharp.c b/libavfilter/vf_unsharp.c
index 95b4968d41..7b430b650d 100644
--- a/libavfilter/vf_unsharp.c
+++ b/libavfilter/vf_unsharp.c
@@ -218,7 +218,7 @@ static int init_filter_param(AVFilterContext *ctx, UnsharpFilterParam *fp, const
            effect, effect_type, fp->msize_x, fp->msize_y, fp->amount / 65535.0);
 
     fp->sr = av_malloc_array((MAX_MATRIX_SIZE - 1) * s->nb_threads, sizeof(uint32_t));
-    fp->sc = av_malloc_array(2 * fp->steps_y * s->nb_threads, sizeof(uint32_t **));
+    fp->sc = av_mallocz_array(2 * fp->steps_y * s->nb_threads, sizeof(uint32_t *));
     if (!fp->sr || !fp->sc)
         return AVERROR(ENOMEM);
 
@@ -258,9 +258,11 @@ static void free_filter_param(UnsharpFilterParam *fp, int nb_threads)
 {
     int z;
 
-    for (z = 0; z < 2 * fp->steps_y * nb_threads; z++)
-        av_freep(&fp->sc[z]);
-    av_freep(&fp->sc);
+    if (fp->sc) {
+        for (z = 0; z < 2 * fp->steps_y * nb_threads; z++)
+            av_freep(&fp->sc[z]);
+        av_freep(&fp->sc);
+    }
     av_freep(&fp->sr);
 }
 



More information about the ffmpeg-cvslog mailing list