[FFmpeg-cvslog] avcodec/wavpack: Fix leak and segfault on reallocation error

Andreas Rheinhardt git at videolan.org
Fri Apr 5 02:59:07 EEST 2024


ffmpeg | branch: release/7.0 | Andreas Rheinhardt <andreas.rheinhardt at outlook.com> | Sun Mar 24 16:10:16 2024 +0100| [607fca80b7701a74af18e21ae3a95ad5a15259b1] | committer: Andreas Rheinhardt

avcodec/wavpack: Fix leak and segfault on reallocation error

av_realloc_f() frees the buffer it is given on allocation
failure. But in this case, the buffer is an array of
ownership pointers, causing leaks on error. Furthermore,
the count of pointers is unchanged on error and the codec's
close function uses it to free said ownership pointers,
causing a NPD.
This is a regression since 46412a8935e4632b2460988bfce4152c7dccce22.

Fix this by switching to av_realloc_array().

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at outlook.com>
(cherry picked from commit 2f59648aed8ba538e2ff3cd7edcb85f4501faa25)

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=607fca80b7701a74af18e21ae3a95ad5a15259b1
---

 libavcodec/wavpack.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c
index 09b8731465..a81049b18b 100644
--- a/libavcodec/wavpack.c
+++ b/libavcodec/wavpack.c
@@ -973,9 +973,11 @@ static inline int wv_unpack_mono(WavpackFrameContext *s, GetBitContext *gb,
 
 static av_cold int wv_alloc_frame_context(WavpackContext *c)
 {
-    c->fdec = av_realloc_f(c->fdec, c->fdec_num + 1, sizeof(*c->fdec));
-    if (!c->fdec)
+    WavpackFrameContext **fdec = av_realloc_array(c->fdec, c->fdec_num + 1, sizeof(*c->fdec));
+
+    if (!fdec)
         return -1;
+    c->fdec = fdec;
 
     c->fdec[c->fdec_num] = av_mallocz(sizeof(**c->fdec));
     if (!c->fdec[c->fdec_num])
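Review bot: the failure branch at `if (!fdec)` still ends in a bare `return -1;`, which discards the reason for the failure; since the branch is being touched anyway, consider returning AVERROR(ENOMEM) there. The new `av_realloc_array()` line would also benefit from a one-line comment stating that `c->fdec` is an array of owning pointers and must stay valid when the reallocation fails, which is why `av_realloc_f()` is unsuitable here; without it, a later cleanup could switch the call back and reintroduce the leak and the crash in the close function described in the commit message. The declaration line is also quite long and could be wrapped after the first argument.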


