[FFmpeg-devel] [PATCH 2/2] avcodec/h264_slice: More complete cleanup in h264_slice_header_init()
Michael Niedermayer
michaelni at gmx.at
Thu Aug 21 17:00:02 CEST 2014
Fixes null pointer dereference
Fixes Ticket3873
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
---
libavcodec/h264_slice.c | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/libavcodec/h264_slice.c b/libavcodec/h264_slice.c
index fc744f2..c5a9784 100644
--- a/libavcodec/h264_slice.c
+++ b/libavcodec/h264_slice.c
@@ -1173,7 +1173,7 @@ static int h264_slice_header_init(H264Context *h, int reinit)
ret = ff_h264_alloc_tables(h);
if (ret < 0) {
av_log(h->avctx, AV_LOG_ERROR, "Could not allocate memory\n");
- return ret;
+ goto fail;
}
if (nb_slices > H264_MAX_THREADS || (nb_slices > h->mb_height && h->mb_height)) {
@@ -1192,14 +1192,16 @@ static int h264_slice_header_init(H264Context *h, int reinit)
ret = ff_h264_context_init(h);
if (ret < 0) {
av_log(h->avctx, AV_LOG_ERROR, "context_init() failed.\n");
- return ret;
+ goto fail;
}
} else {
for (i = 1; i < h->slice_context_count; i++) {
H264Context *c;
c = h->thread_context[i] = av_mallocz(sizeof(H264Context));
- if (!c)
- return AVERROR(ENOMEM);
+ if (!c) {
+ ret = AVERROR(ENOMEM);
+ goto fail;
+ }
c->avctx = h->avctx;
if (CONFIG_ERROR_RESILIENCE) {
c->mecc = h->mecc;
@@ -1238,13 +1240,17 @@ static int h264_slice_header_init(H264Context *h, int reinit)
for (i = 0; i < h->slice_context_count; i++)
if ((ret = ff_h264_context_init(h->thread_context[i])) < 0) {
av_log(h->avctx, AV_LOG_ERROR, "context_init() failed.\n");
- return ret;
+ goto fail;
}
}
h->context_initialized = 1;
return 0;
+fail:
+ ff_h264_free_tables(h, 0);
+ h->context_initialized = 0;
+ return ret;
}
static enum AVPixelFormat non_j_pixfmt(enum AVPixelFormat a)
--
1.7.9.5
More information about the ffmpeg-devel
mailing list