[FFmpeg-devel] [PATCH]Fix a crash on oom in hevc decoder

Michael Niedermayer michaelni at gmx.at
Thu Oct 31 20:09:59 CET 2013


On Thu, Oct 31, 2013 at 08:04:05PM +0100, Carl Eugen Hoyos wrote:
> Hi!
> 
> Attached patch fixes a crash on oom when decoding hevc.
> 
> Please review, Carl Eugen
> 
> ==13364== Invalid read of size 8
> ==13364==    at 0xCAED14: av_freep (mem.c:230)
> ==13364==    by 0x426782: hevc_decode_free (hevc.c:2600)
> ==13364==    by 0x4269FE: hevc_init_context (hevc.c:2694)
> ==13364==    by 0x426A82: hevc_decode_init (hevc.c:2832)
> ==13364==    by 0xA31DFF: avcodec_open2 (utils.c:1413)
> ==13364==    by 0x5D519A: avformat_find_stream_info (utils.c:2741)
> ==13364==    by 0x4640C1: open_input_file (ffmpeg_opt.c:818)
> ==13364==    by 0x462B43: open_files.isra.7 (ffmpeg_opt.c:2505)
> ==13364==    by 0x469EE8: ffmpeg_parse_options (ffmpeg_opt.c:2542)
> ==13364==    by 0x460707: main (ffmpeg.c:3422)
> ==13364==  Address 0x2a4c8 is not stack'd, malloc'd or (recently) free'd

>  hevc.c |    3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> abbf4c9ee1477fe6672c350856bf802b5e6eb55c  patchhevc.diff
> diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c
> index 9528323..18fee33 100644
> --- a/libavcodec/hevc.c
> +++ b/libavcodec/hevc.c
> @@ -2597,7 +2597,8 @@ static av_cold int hevc_decode_free(AVCodecContext *avctx)
>  
>      pic_arrays_free(s);
>  
> -    av_freep(&lc->edge_emu_buffer);
> +    if (lc)
> +        av_freep(&lc->edge_emu_buffer);
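
Review bot: the new `if (lc)` check guards only the `av_freep(&lc->edge_emu_buffer)` line, so any later use of `lc` in hevc_decode_free() (not visible in this hunk) would still fault when the function is reached from the hevc_init_context() failure path shown in the valgrind trace. The invalid read at address 0x2a4c8 is consistent with `lc` being NULL at that point, so it is worth confirming that the rest of the cleanup function tolerates a NULL `lc` and other unallocated members, and that `pic_arrays_free(s)` just above is safe on a partially initialised context. A short comment saying that `lc` can be NULL when init fails would keep the check from being removed later.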

should be ok

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

During times of universal deceit, telling the truth becomes a
revolutionary act. -- George Orwell