[FFmpeg-cvslog] avcodec/ivi: Fix segfault on allocation error

Andreas Rheinhardt git at videolan.org
Tue Sep 15 20:43:56 EEST 2020


ffmpeg | branch: master | Andreas Rheinhardt <andreas.rheinhardt at gmail.com> | Mon Sep 14 20:32:33 2020 +0200| [e411a3af11e5d00a311f594a45c17f74898cb46e] | committer: Andreas Rheinhardt

avcodec/ivi: Fix segfault on allocation error

If allocating the tiles array for indeo 4/5 fails, the context is in an
inconsistent state, because the counter for the number of tiles is > 0.
This will lead to a segfault when freeing the tiles' substructures.
Fix this by setting the number of tiles to zero if the allocation was
unsuccessful.

Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e411a3af11e5d00a311f594a45c17f74898cb46e
---

 libavcodec/ivi.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libavcodec/ivi.c b/libavcodec/ivi.c
index c5c50fb5c1..c10984e83e 100644
--- a/libavcodec/ivi.c
+++ b/libavcodec/ivi.c
@@ -442,8 +442,10 @@ av_cold int ff_ivi_init_tiles(IVIPlaneDesc *planes,
 
             av_freep(&band->tiles);
             band->tiles = av_mallocz_array(band->num_tiles, sizeof(IVITile));
-            if (!band->tiles)
+            if (!band->tiles) {
+                band->num_tiles = 0;
                 return AVERROR(ENOMEM);
+            }
 
             /* use the first luma band as reference for motion vectors
              * and quant */
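Review bot: the new `band->num_tiles = 0;` in the `if (!band->tiles)` branch has no comment explaining why the count is reset, and the cleanup code that depends on it is not visible in this function, so a later refactor could drop the line without noticing. A short comment stating that the count must stay consistent with a NULL `band->tiles` for the free path would be worth adding. An alternative that holds the invariant by construction is to keep the computed tile count in a local variable and assign `band->num_tiles` only after `av_mallocz_array()` has succeeded, so the count is never nonzero while `band->tiles` is NULL.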


