[FFmpeg-devel] [PATCH 2/3] diracdec: clear slice_params_num_buf on allocation failure

Andreas Cadhalpun andreas.cadhalpun at googlemail.com
Fri Nov 4 20:11:28 EET 2016


Otherwise it can be non-zero next time decode_lowdelay is called, causing
slice_params_buf not to be allocated, leading to a NULL pointer dereference.

The problem was introduced in commit
dcad4677d637cd2f701917e38361fa96b8c9a418.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
---
 libavcodec/diracdec.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c
index 5c669ff..bb314d0 100644
--- a/libavcodec/diracdec.c
+++ b/libavcodec/diracdec.c
@@ -910,6 +910,7 @@ static int decode_lowdelay(DiracContext *s)
         s->slice_params_buf = av_realloc_f(s->slice_params_buf, s->num_x * s->num_y, sizeof(DiracSlice));
         if (!s->slice_params_buf) {
             av_log(s->avctx, AV_LOG_ERROR, "slice params buffer allocation failure\n");
+            s->slice_params_num_buf = 0;
             return AVERROR(ENOMEM);
         }
         s->slice_params_num_buf = s->num_x * s->num_y;
-- 
2.10.1



More information about the ffmpeg-devel mailing list