authorAndreas Rheinhardt <andreas.rheinhardt@gmail.com>2020-09-14 04:58:34 +0200
committerAndreas Rheinhardt <andreas.rheinhardt@gmail.com>2021-02-27 07:20:57 +0100
commit5e95dc426e94a1161b2cf66031b5ef24a6f27ff9 (patch)
tree43de46d05bd3a0f9e4f0e02840e48979e5fb56d2
parente7780f16153051f9b169e8bdd6f0696ca03e5f34 (diff)
avcodec/ffv1: Fix segfaults on allocation error
When allocating FFV1 slice contexts fails, ff_ffv1_init_slice_contexts() frees everything that it has allocated, yet it does not reset the counter for the number of allocated slice contexts. This inconsistent state leads to segfaults later on in ff_ffv1_close(), because said function presumes that the slice contexts have been allocated. Fix this by making sure that the number of slice contexts on error is consistent (namely zero). (This issue only affected the FFV1 decoder, because the encoder does not clean up after itself on init failure.) Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit a0750f412ade5a969b1f90e038d707d531c97342)
-rw-r--r--libavcodec/ffv1.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/libavcodec/ffv1.c b/libavcodec/ffv1.c
index 93cec14244..5b52849400 100644
--- a/libavcodec/ffv1.c
+++ b/libavcodec/ffv1.c
@@ -115,12 +115,11 @@ av_cold int ff_ffv1_init_slices_state(FFV1Context *f)
av_cold int ff_ffv1_init_slice_contexts(FFV1Context *f)
{
- int i;
+ int i, max_slice_count = f->num_h_slices * f->num_v_slices;
- f->max_slice_count = f->num_h_slices * f->num_v_slices;
- av_assert0(f->max_slice_count > 0);
+ av_assert0(max_slice_count > 0);
- for (i = 0; i < f->max_slice_count; i++) {
+ for (i = 0; i < max_slice_count; i++) {
int sx = i % f->num_h_slices;
int sy = i / f->num_h_slices;
int sxs = f->avctx->width * sx / f->num_h_slices;
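Review bot: `max_slice_count` is an `int` product whose only check is `av_assert0(max_slice_count > 0)`, so a zero or overflowed product aborts the process instead of returning an error code. Nothing in this hunk shows where `f->num_h_slices` and `f->num_v_slices` are range-checked; if the decoder fills them from the stream header, that validation has to happen before this call. I would document the precondition at the declaration, e.g. `/* num_h_slices and num_v_slices are validated by the caller; their product is positive and cannot overflow */`. The loop body continues outside the hunk.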
@@ -152,6 +151,7 @@ av_cold int ff_ffv1_init_slice_contexts(FFV1Context *f)
goto memfail;
}
}
+ f->max_slice_count = max_slice_count;
return 0;
memfail:
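Review bot: The error path now depends on `f->max_slice_count` already being zero on entry, because the count is assigned only on the success path and the visible lines never clear it. That holds for a freshly zeroed context, but it is an implicit invariant that ff_ffv1_close() relies on according to the commit message. Unless the `memfail:` code, which continues outside the hunk, already does so, add `f->max_slice_count = 0;` there. At minimum, put a comment above the assignment such as `/* set only after every slice context is allocated; ff_ffv1_close() frees this many */`.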