[FFmpeg-cvslog] avcodec/hevc: Check entry point arrays for malloc failure

Michael Niedermayer git at videolan.org
Mon Jan 13 17:28:59 CET 2014


ffmpeg | branch: release/2.1 | Michael Niedermayer <michaelni at gmx.at> | Mon Jan 13 03:51:39 2014 +0100| [a0aa5c34a964ed74217d4e7908ec4bf9536876d6] | committer: Michael Niedermayer

avcodec/hevc: Check entry point arrays for malloc failure

Fixes null pointer dereference
Fixes: signal_sigsegv_e1d3b6_2192_DBLK_F_VIXS_2.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 22bfb4be284c12f33b9dac010713fe3ca6d974bf)

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a0aa5c34a964ed74217d4e7908ec4bf9536876d6
---

 libavcodec/hevc.c |    5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c
index befe2de..8ff51a3 100644
--- a/libavcodec/hevc.c
+++ b/libavcodec/hevc.c
@@ -602,6 +602,11 @@ static int hls_slice_header(HEVCContext *s)
             sh->entry_point_offset = av_malloc(sh->num_entry_point_offsets * sizeof(int));
             sh->offset = av_malloc(sh->num_entry_point_offsets * sizeof(int));
             sh->size = av_malloc(sh->num_entry_point_offsets * sizeof(int));
+            if (!sh->entry_point_offset || !sh->offset || !sh->size) {
+                sh->num_entry_point_offsets = 0;
+                av_log(s->avctx, AV_LOG_ERROR, "Failed to allocate memory\n");
+                return AVERROR(ENOMEM);
+            }
             for (i = 0; i < sh->num_entry_point_offsets; i++) {
                 int val = 0;
                 for (j = 0; j < segments; j++) {



More information about the ffmpeg-cvslog mailing list