ffmpeg | branch: release/2.2 | Michael Niedermayer <michae...@gmx.at> | Tue Jan 13 18:51:33 2015 +0100| [ecae610207e35d6e7b4cb7e773414ed172c55adf] | committer: Michael Niedermayer
avcodec/hevc: Fix handling of skipped_bytes() reallocation failures Fixes CID1260704 Signed-off-by: Michael Niedermayer <michae...@gmx.at> (cherry picked from commit e172f5e53ae4dbbcdcf81c9a3b962dc9f5a8a98d) Signed-off-by: Michael Niedermayer <michae...@gmx.at> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ecae610207e35d6e7b4cb7e773414ed172c55adf --- libavcodec/hevc.c | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c index 5f719c8..8ba9838 100644 --- a/libavcodec/hevc.c +++ b/libavcodec/hevc.c @@ -2568,17 +2568,30 @@ static int decode_nal_units(HEVCContext *s, const uint8_t *buf, int length) if (s->nals_allocated < s->nb_nals + 1) { int new_size = s->nals_allocated + 1; - HEVCNAL *tmp = av_realloc_array(s->nals, new_size, sizeof(*tmp)); + void *tmp = av_realloc_array(s->nals, new_size, sizeof(*s->nals)); + ret = AVERROR(ENOMEM); if (!tmp) { - ret = AVERROR(ENOMEM); goto fail; } s->nals = tmp; memset(s->nals + s->nals_allocated, 0, - (new_size - s->nals_allocated) * sizeof(*tmp)); - av_reallocp_array(&s->skipped_bytes_nal, new_size, sizeof(*s->skipped_bytes_nal)); - av_reallocp_array(&s->skipped_bytes_pos_size_nal, new_size, sizeof(*s->skipped_bytes_pos_size_nal)); - av_reallocp_array(&s->skipped_bytes_pos_nal, new_size, sizeof(*s->skipped_bytes_pos_nal)); + (new_size - s->nals_allocated) * sizeof(*s->nals)); + + tmp = av_realloc_array(s->skipped_bytes_nal, new_size, sizeof(*s->skipped_bytes_nal)); + if (!tmp) + goto fail; + s->skipped_bytes_nal = tmp; + + tmp = av_realloc_array(s->skipped_bytes_pos_size_nal, new_size, sizeof(*s->skipped_bytes_pos_size_nal)); + if (!tmp) + goto fail; + s->skipped_bytes_pos_size_nal = tmp; + + tmp = av_realloc_array(s->skipped_bytes_pos_nal, new_size, sizeof(*s->skipped_bytes_pos_nal)); + if (!tmp) + goto fail; + s->skipped_bytes_pos_nal = tmp; + s->skipped_bytes_pos_size_nal[s->nals_allocated] = 1024; // initial buffer size s->skipped_bytes_pos_nal[s->nals_allocated] = av_malloc_array(s->skipped_bytes_pos_size_nal[s->nals_allocated], sizeof(*s->skipped_bytes_pos)); s->nals_allocated = new_size; _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog