[FFmpeg-devel] [PATCH 09/14] avcodec/ffv1dec: Fix segfault with frame threading upon error

Andreas Rheinhardt andreas.rheinhardt at outlook.com
Sat Apr 24 14:14:41 EEST 2021


It is possible for the source state to be NULL, namely if an error
happened in the src thread and it never even reached the point of
decoding the slices; or if the allocation of src's states failed.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at outlook.com>
---
 libavcodec/ffv1dec.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/libavcodec/ffv1dec.c b/libavcodec/ffv1dec.c
index 791dc073bf..bddfd8e2fb 100644
--- a/libavcodec/ffv1dec.c
+++ b/libavcodec/ffv1dec.c
@@ -256,7 +256,10 @@ static int decode_slice(AVCodecContext *c, void *arg)
             memcpy(pdst, psrc, sizeof(*pdst));
             pdst->state = NULL;
             pdst->vlc_state = NULL;
-
+            if (fssrc->ac && !psrc->state || !fssrc->ac && !psrc->vlc_state) {
+                ret = AVERROR_INVALIDDATA;
+                goto fail;
+            }
             if (fssrc->ac) {
                 pdst->state = av_malloc_array(CONTEXT_SIZE,  psrc->context_count);
                 if (!pdst->state) {
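Review bot: The new condition mixes `&&` and `||` without parentheses, so it relies on precedence that readers (and `-Wparentheses`) will flag; write it as `(fssrc->ac && !psrc->state) || (!fssrc->ac && !psrc->vlc_state)` to make the intent explicit. The placement is otherwise right: it sits after `pdst->state = NULL; pdst->vlc_state = NULL;`, so the `goto fail` path cannot free pointers that were only copied from `psrc` by the preceding `memcpy`. One thing worth a sentence in the commit message: the check maps both causes named there (the source thread never reached slice decoding, or its state allocation failed) onto `AVERROR_INVALIDDATA`, even though the second is really an out-of-memory condition; if that is deliberate, say so, since callers cannot tell the two apart.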
-- 
2.27.0
