[FFmpeg-devel] [PATCH v2 2/2] avcodec/mpeg12dec: ensure a53_caption_size is reset on malloc failures
Aman Gupta
ffmpeg at tmm1.net
Wed Mar 15 21:53:04 EET 2017
From: Aman Gupta <aman at tmm1.net>
---
libavcodec/mpeg12dec.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/libavcodec/mpeg12dec.c b/libavcodec/mpeg12dec.c
index cea8963..f71f207 100644
--- a/libavcodec/mpeg12dec.c
+++ b/libavcodec/mpeg12dec.c
@@ -2255,8 +2255,11 @@ static int mpeg_decode_a53_cc(AVCodecContext *avctx,
av_freep(&s1->a53_caption);
s1->a53_caption_size = cc_count * 3;
s1->a53_caption = av_malloc(s1->a53_caption_size);
- if (s1->a53_caption)
+ if (!s1->a53_caption) {
+ s1->a53_caption_size = 0;
+ } else {
memcpy(s1->a53_caption, p + 7, s1->a53_caption_size);
+ }
avctx->properties |= FF_CODEC_PROPERTY_CLOSED_CAPTIONS;
}
return 1;
@@ -2273,7 +2276,9 @@ static int mpeg_decode_a53_cc(AVCodecContext *avctx,
av_freep(&s1->a53_caption);
s1->a53_caption_size = cc_count * 3;
s1->a53_caption = av_malloc(s1->a53_caption_size);
- if (s1->a53_caption) {
+ if (!s1->a53_caption) {
+ s1->a53_caption_size = 0;
+ } else {
uint8_t field, cc1, cc2;
uint8_t *cap = s1->a53_caption;
for (i = 0; i < cc_count; i++) {
@@ -2337,7 +2342,9 @@ static int mpeg_decode_a53_cc(AVCodecContext *avctx,
av_freep(&s1->a53_caption);
s1->a53_caption_size = cc_count * 6;
s1->a53_caption = av_malloc(s1->a53_caption_size);
- if (s1->a53_caption) {
+ if (!s1->a53_caption) {
+ s1->a53_caption_size = 0;
+ } else {
uint8_t field1 = !!(p[4] & 0x80);
uint8_t *cap = s1->a53_caption;
p += 5;
--
2.10.1 (Apple Git-78)
More information about the ffmpeg-devel
mailing list