[FFmpeg-devel] [PATCH]Fix a crash on oom in hevc decoder
Carl Eugen Hoyos
cehoyos at ag.or.at
Thu Oct 31 20:04:05 CET 2013
Hi!
Attached patch fixes a crash on oom when decoding hevc.
Please review, Carl Eugen
==13364== Invalid read of size 8
==13364== at 0xCAED14: av_freep (mem.c:230)
==13364== by 0x426782: hevc_decode_free (hevc.c:2600)
==13364== by 0x4269FE: hevc_init_context (hevc.c:2694)
==13364== by 0x426A82: hevc_decode_init (hevc.c:2832)
==13364== by 0xA31DFF: avcodec_open2 (utils.c:1413)
==13364== by 0x5D519A: avformat_find_stream_info (utils.c:2741)
==13364== by 0x4640C1: open_input_file (ffmpeg_opt.c:818)
==13364== by 0x462B43: open_files.isra.7 (ffmpeg_opt.c:2505)
==13364== by 0x469EE8: ffmpeg_parse_options (ffmpeg_opt.c:2542)
==13364== by 0x460707: main (ffmpeg.c:3422)
==13364== Address 0x2a4c8 is not stack'd, malloc'd or (recently) free'd
-------------- next part --------------
diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c
index 9528323..18fee33 100644
--- a/libavcodec/hevc.c
+++ b/libavcodec/hevc.c
@@ -2597,7 +2597,8 @@ static av_cold int hevc_decode_free(AVCodecContext *avctx)
pic_arrays_free(s);
- av_freep(&lc->edge_emu_buffer);
+ if (lc)
+ av_freep(&lc->edge_emu_buffer);
av_freep(&s->md5_ctx);
for(i=0; i < s->nals_allocated; i++) {
More information about the ffmpeg-devel
mailing list