[FFmpeg-devel] [PATCH] avcodec/vp56: use av_reallocp_array() and check if allocation fail
Michael Niedermayer
michaelni at gmx.at
Mon Sep 9 23:24:36 CEST 2013
On Mon, Sep 09, 2013 at 02:49:47PM +0000, Paul B Mahol wrote:
> Signed-off-by: Paul B Mahol <onemda at gmail.com>
> ---
> libavcodec/vp56.c | 10 ++++++----
> 1 file changed, 6 insertions(+), 4 deletions(-)
>
> diff --git a/libavcodec/vp56.c b/libavcodec/vp56.c
> index 38f0e08..b4920d8 100644
> --- a/libavcodec/vp56.c
> +++ b/libavcodec/vp56.c
> @@ -475,12 +475,14 @@ static int vp56_size_changed(VP56Context *s)
> return -1;
> }
>
> - s->above_blocks = av_realloc(s->above_blocks,
> - (4*s->mb_width+6) * sizeof(*s->above_blocks));
> - s->macroblocks = av_realloc(s->macroblocks,
> - s->mb_width*s->mb_height*sizeof(*s->macroblocks));
> + av_reallocp_array(&s->above_blocks, 4*s->mb_width+6,
> + sizeof(*s->above_blocks));
> + av_reallocp_array(&s->macroblocks, s->mb_width*s->mb_height,
> + sizeof(*s->macroblocks));
> av_free(s->edge_emu_buffer_alloc);
> s->edge_emu_buffer_alloc = av_malloc(16*stride);
> + if (!s->above_blocks || !s->macroblocks || !s->edge_emu_buffer_alloc)
> + return AVERROR(ENOMEM);
> s->edge_emu_buffer = s->edge_emu_buffer_alloc;
doesnt this leave edge_emu_buffer pointing to freed memory in the
error case ?
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Those who are best at talking, realize last or never when they are wrong.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20130909/4892afb4/attachment.asc>
More information about the ffmpeg-devel
mailing list