[FFmpeg-devel] [PATCH] avfilter/vf_unsharp: Don't dereference NULL
Andreas Rheinhardt
andreas.rheinhardt at gmail.com
Sun Dec 1 11:56:26 EET 2019
The unsharp filter uses an array of arrays of uint32_t, each of which is
separately allocated. These arrays also need to be freed separately; but
before doing so, one needs to check whether the array of arrays has
actually been allocated, otherwise one would dereference a NULL pointer.
This fixes #8408.
Furthermore, the array of arrays needs to be zero-initialized so that
no uninitialized pointer will be freed in case an allocation of one of
the individual arrays fails.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
---
libavfilter/vf_unsharp.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/libavfilter/vf_unsharp.c b/libavfilter/vf_unsharp.c
index 95b4968d41..7b430b650d 100644
--- a/libavfilter/vf_unsharp.c
+++ b/libavfilter/vf_unsharp.c
@@ -218,7 +218,7 @@ static int init_filter_param(AVFilterContext *ctx, UnsharpFilterParam *fp, const
effect, effect_type, fp->msize_x, fp->msize_y, fp->amount / 65535.0);
fp->sr = av_malloc_array((MAX_MATRIX_SIZE - 1) * s->nb_threads, sizeof(uint32_t));
- fp->sc = av_malloc_array(2 * fp->steps_y * s->nb_threads, sizeof(uint32_t **));
+ fp->sc = av_mallocz_array(2 * fp->steps_y * s->nb_threads, sizeof(uint32_t *));
if (!fp->sr || !fp->sc)
return AVERROR(ENOMEM);
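Review bot: the element size on the `fp->sc` allocation line changes from `sizeof(uint32_t **)` to `sizeof(uint32_t *)`, which the commit message does not mention; it only describes the switch to zero-initialization. A sentence in the log would help anyone bisecting later, and writing the size as `sizeof(*fp->sc)` would keep it tied to the declared type so the two cannot drift apart again.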
@@ -258,9 +258,11 @@ static void free_filter_param(UnsharpFilterParam *fp, int nb_threads)
{
int z;
- for (z = 0; z < 2 * fp->steps_y * nb_threads; z++)
- av_freep(&fp->sc[z]);
- av_freep(&fp->sc);
+ if (fp->sc) {
+ for (z = 0; z < 2 * fp->steps_y * nb_threads; z++)
+ av_freep(&fp->sc[z]);
+ av_freep(&fp->sc);
+ }
av_freep(&fp->sr);
}
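Review bot: the loop bound in `free_filter_param` is recomputed as `2 * fp->steps_y * nb_threads`, while the allocation in `init_filter_param` uses `s->nb_threads`. The new `if (fp->sc)` guard covers the never-allocated case, but the per-element free stays in bounds only if the caller passes the same thread count and `fp->steps_y` has not changed since the allocation. Consider a comment stating that invariant, or storing the element count in `UnsharpFilterParam` and looping over that. Minor: `av_freep(&fp->sc)` is safe when the pointer is already NULL, so only the loop needs to sit inside the guard.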
--
2.20.1