diff options
author | Vittorio Giovara <vittorio.giovara@gmail.com> | 2014-03-09 18:52:40 +0100 |
---|---|---|
committer | Vittorio Giovara <vittorio.giovara@gmail.com> | 2014-06-23 18:58:29 -0400 |
commit | 10306e9c5fcc28bd9310a9b38f21540e9e1433e9 (patch) | |
tree | c521fb94f81f85973a720d30cae3ccb3ae032406 | |
parent | ab72eda15e98197cf148abc08574206cfde0d9b0 (diff) | |
download | ffmpeg-10306e9c5fcc28bd9310a9b38f21540e9e1433e9.tar.gz |
jpeg2000: fix dereferencing invalid pointers during cleanup
CC: libav-stable@libav.org
Found-by: Laurent Butti <laurentb@gmail.com>
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
-rw-r--r-- | libavcodec/jpeg2000.c | 31 |
1 files changed, 23 insertions, 8 deletions
diff --git a/libavcodec/jpeg2000.c b/libavcodec/jpeg2000.c index 74e4f15de8..fadb5cb3e4 100644 --- a/libavcodec/jpeg2000.c +++ b/libavcodec/jpeg2000.c @@ -229,7 +229,7 @@ int ff_jpeg2000_init_component(Jpeg2000Component *comp, if (!comp->i_data) return AVERROR(ENOMEM); } - comp->reslevel = av_malloc_array(codsty->nreslevels, sizeof(*comp->reslevel)); + comp->reslevel = av_mallocz_array(codsty->nreslevels, sizeof(*comp->reslevel)); if (!comp->reslevel) return AVERROR(ENOMEM); /* LOOP on resolution levels */ @@ -277,7 +277,7 @@ int ff_jpeg2000_init_component(Jpeg2000Component *comp, reslevel->log2_prec_height) - (reslevel->coord[1][0] >> reslevel->log2_prec_height); - reslevel->band = av_malloc_array(reslevel->nbands, sizeof(*reslevel->band)); + reslevel->band = av_mallocz_array(reslevel->nbands, sizeof(*reslevel->band)); if (!reslevel->band) return AVERROR(ENOMEM); @@ -373,9 +373,9 @@ int ff_jpeg2000_init_component(Jpeg2000Component *comp, for (j = 0; j < 2; j++) band->coord[1][j] = ff_jpeg2000_ceildiv(band->coord[1][j], dy); - band->prec = av_malloc_array(reslevel->num_precincts_x * - reslevel->num_precincts_y, - sizeof(*band->prec)); + band->prec = av_mallocz_array(reslevel->num_precincts_x * + reslevel->num_precincts_y, + sizeof(*band->prec)); if (!band->prec) return AVERROR(ENOMEM); @@ -488,15 +488,30 @@ void ff_jpeg2000_cleanup(Jpeg2000Component *comp, Jpeg2000CodingStyle *codsty) for (reslevelno = 0; comp->reslevel && reslevelno < codsty->nreslevels; reslevelno++) { - Jpeg2000ResLevel *reslevel = comp->reslevel + reslevelno; + Jpeg2000ResLevel *reslevel; + + if (!comp->reslevel) + continue; + reslevel = comp->reslevel + reslevelno; for (bandno = 0; bandno < reslevel->nbands; bandno++) { - Jpeg2000Band *band = reslevel->band + bandno; + Jpeg2000Band *band; + + if (!reslevel->band) + continue; + + band = reslevel->band + bandno; for (precno = 0; precno < reslevel->num_precincts_x * reslevel->num_precincts_y; precno++) { - Jpeg2000Prec *prec = band->prec + precno; + Jpeg2000Prec *prec; + + if (!band->prec) + continue; + + prec = band->prec + precno; av_freep(&prec->zerobits); av_freep(&prec->cblkincl); av_freep(&prec->cblk); + } av_freep(&band->prec); |