[FFmpeg-devel] [PATCH v3 2/2] avcodec/mpeg12dec: ensure a53_caption_size is reset on malloc failures
Aman Gupta
ffmpeg at tmm1.net
Tue Nov 14 21:18:58 EET 2017
From: Aman Gupta <aman at tmm1.net>
Signed-off-by: Aman Gupta <aman at tmm1.net>
Reviewed-by: Michael Niedermayer <michael at niedermayer.cc>
---
libavcodec/mpeg12dec.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/libavcodec/mpeg12dec.c b/libavcodec/mpeg12dec.c
index e2a7c3f2e0..d5bc5f21b2 100644
--- a/libavcodec/mpeg12dec.c
+++ b/libavcodec/mpeg12dec.c
@@ -2235,8 +2235,11 @@ static int mpeg_decode_a53_cc(AVCodecContext *avctx,
av_freep(&s1->a53_caption);
s1->a53_caption_size = cc_count * 3;
s1->a53_caption = av_malloc(s1->a53_caption_size);
- if (s1->a53_caption)
+ if (!s1->a53_caption) {
+ s1->a53_caption_size = 0;
+ } else {
memcpy(s1->a53_caption, p + 7, s1->a53_caption_size);
+ }
avctx->properties |= FF_CODEC_PROPERTY_CLOSED_CAPTIONS;
}
return 1;
@@ -2253,7 +2256,9 @@ static int mpeg_decode_a53_cc(AVCodecContext *avctx,
av_freep(&s1->a53_caption);
s1->a53_caption_size = cc_count * 3;
s1->a53_caption = av_mallocz(s1->a53_caption_size);
- if (s1->a53_caption) {
+ if (!s1->a53_caption) {
+ s1->a53_caption_size = 0;
+ } else {
uint8_t field, cc1, cc2;
uint8_t *cap = s1->a53_caption;
for (i = 0; i < cc_count && get_bits_left(&gb) >= 26; i++) {
@@ -2317,7 +2322,9 @@ static int mpeg_decode_a53_cc(AVCodecContext *avctx,
av_freep(&s1->a53_caption);
s1->a53_caption_size = cc_count * 6;
s1->a53_caption = av_malloc(s1->a53_caption_size);
- if (s1->a53_caption) {
+ if (!s1->a53_caption) {
+ s1->a53_caption_size = 0;
+ } else {
uint8_t field1 = !!(p[4] & 0x80);
uint8_t *cap = s1->a53_caption;
p += 5;
--
2.14.2
More information about the ffmpeg-devel
mailing list