[FFmpeg-devel] [PATCH] pgssubdec: reset rle_data_len/rle_remaining_len on allocation error
Andreas Cadhalpun
andreas.cadhalpun at googlemail.com
Tue Jan 31 02:59:38 EET 2017
The code relies on their validity and otherwise can try to access a NULL
object->rle pointer, causing segmentation faults.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
---
libavcodec/pgssubdec.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/libavcodec/pgssubdec.c b/libavcodec/pgssubdec.c
index b50b37b206..b897d72aab 100644
--- a/libavcodec/pgssubdec.c
+++ b/libavcodec/pgssubdec.c
@@ -300,8 +300,11 @@ static int parse_object_segment(AVCodecContext *avctx,
av_fast_padded_malloc(&object->rle, &object->rle_buffer_size, rle_bitmap_len);
- if (!object->rle)
+ if (!object->rle) {
+ object->rle_data_len = 0;
+ object->rle_remaining_len = 0;
return AVERROR(ENOMEM);
+ }
memcpy(object->rle, buf, buf_size);
object->rle_data_len = buf_size;
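Review bot: the new error branch after av_fast_padded_malloc() resets rle_data_len and rle_remaining_len without a comment saying why. The reason, that later code trusts these lengths and would otherwise dereference a NULL object->rle, is stated only in the commit message. A short comment inside the branch, such as /* keep the lengths consistent with the NULL buffer */, would keep that invariant visible to the next person editing this function. Separately, the memcpy() in the trailing context copies buf_size bytes into a buffer that was requested with rle_bitmap_len. The lines shown here contain no check that buf_size does not exceed rle_bitmap_len, so it is worth confirming that the code above the hunk enforces that bound.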
--
2.11.0