[FFmpeg-devel] [PATCH 24/40] avcodec/av1dec: Fix segfault upon allocation error

Andreas Rheinhardt andreas.rheinhardt at gmail.com
Mon Sep 14 08:27:31 EEST 2020

The decoder's close function simply presumed that some AVFrames have
been successfully allocated although this can of course fail.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
One could btw return immediately as soon as one encounters an AVFrame
that is NULL, because these frames are the first things to be allocated
in init (and in the same order as they are freed); yet I wanted to avoid
this additional dependency.

 libavcodec/av1dec.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/av1dec.c b/libavcodec/av1dec.c
index bd8acdaafe..4b89bd83a0 100644
--- a/libavcodec/av1dec.c
+++ b/libavcodec/av1dec.c
@@ -388,11 +388,11 @@ static av_cold int av1_decode_free(AVCodecContext *avctx)
     AV1DecContext *s = avctx->priv_data;
     for (int i = 0; i < FF_ARRAY_ELEMS(s->ref); i++) {
-        if (s->ref[i].tf.f->buf[0])
+        if (s->ref[i].tf.f && s->ref[i].tf.f->buf[0])
             av1_frame_unref(avctx, &s->ref[i]);
-    if (s->cur_frame.tf.f->buf[0])
+    if (s->cur_frame.tf.f && s->cur_frame.tf.f->buf[0])
         av1_frame_unref(avctx, &s->cur_frame);
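
Review bot: the two new "tf.f &&" guards in av1_decode_free() (in the s->ref[i] loop and for s->cur_frame) carry no comment explaining why tf.f can be NULL at this point. A one-line comment noting that close also runs after a failed AVFrame allocation would keep a later cleanup from removing them as redundant. Since the same guard is now repeated at both call sites, moving the NULL check into av1_frame_unref() is an alternative that would cover any other caller as well. It is also worth confirming that the remainder of this function, which is not visible in this hunk, does not dereference tf.f without a guard.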
