[FFmpeg-cvslog] avcodec/hnm4video: allocate frame only when theres a coded frame

Michael Niedermayer git at videolan.org
Sat Nov 23 21:07:25 CET 2013 

ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Sat Nov 23 20:48:35 2013 +0100| [321b33876262ad332b3030eb6e3d0739540e4209] | committer: Michael Niedermayer

avcodec/hnm4video: allocate frame only when theres a coded frame

Fixes memleak
Fixes: asan_heap-oob_e76bdf_2224_MOTHOO.HNM

This patch also removes the setting of palette_has_changed,
which was set on a frame that was never returned

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=321b33876262ad332b3030eb6e3d0739540e4209
---

 libavcodec/hnm4video.c |   10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/libavcodec/hnm4video.c b/libavcodec/hnm4video.c
index 742b1d3..177972b 100644
--- a/libavcodec/hnm4video.c
+++ b/libavcodec/hnm4video.c
@@ -397,19 +397,18 @@ static int hnm_decode_frame(AVCodecContext *avctx, void *data,
         return AVERROR_INVALIDDATA;
     }
 
-    if ((ret = ff_get_buffer(avctx, frame, 0)) < 0)
-        return ret;
-
     chunk_id = AV_RL16(avpkt->data + 4);
 
     if (chunk_id == HNM4_CHUNK_ID_PL) {
         hnm_update_palette(avctx, avpkt->data, avpkt->size);
-        frame->palette_has_changed = 1;
     } else if (chunk_id == HNM4_CHUNK_ID_IZ) {
         if (avpkt->size < 12) {
             av_log(avctx, AV_LOG_ERROR, "packet too small\n");
             return AVERROR_INVALIDDATA;
         }
+        if ((ret = ff_get_buffer(avctx, frame, 0)) < 0)
+            return ret;
+
         unpack_intraframe(avctx, avpkt->data + 12, avpkt->size - 12);
         memcpy(hnm->previous, hnm->current, hnm->width * hnm->height);
         if (hnm->version == 0x4a)
@@ -422,6 +421,9 @@ static int hnm_decode_frame(AVCodecContext *avctx, void *data,
         memcpy(frame->data[1], hnm->palette, 256 * 4);
         *got_frame = 1;
     } else if (chunk_id == HNM4_CHUNK_ID_IU) {
+        if ((ret = ff_get_buffer(avctx, frame, 0)) < 0)
+            return ret;
+
         if (hnm->version == 0x4a) {
             decode_interframe_v4a(avctx, avpkt->data + 8, avpkt->size - 8);
             memcpy(hnm->processed, hnm->current, hnm->width * hnm->height);

More information about the ffmpeg-cvslog mailing list