diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2013-08-23 17:18:21 +0200 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2013-08-29 02:13:25 +0200 |
| commit | a1b32533aa7f31224f8f0be05d2cf020159e2e90 (patch) | |
| tree | 30f463777f9c7e9a1434e0aa7e508fff5ff5fd72 | |
| parent | e2eb0d23269043357cdab90a9fca4fca2895d2ac (diff) | |
| download | ffmpeg-a1b32533aa7f31224f8f0be05d2cf020159e2e90.tar.gz | |
jpeg2000: fix dereferencing invalid pointers
Found-by: Laurent Butti <laurentb@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 912ce9dd2080c5837285a471d750fa311e09b555)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
| -rw-r--r-- | libavcodec/jpeg2000.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/libavcodec/jpeg2000.c b/libavcodec/jpeg2000.c index cb1a64d143..dc3311052e 100644 --- a/libavcodec/jpeg2000.c +++ b/libavcodec/jpeg2000.c @@ -272,7 +272,7 @@ int ff_jpeg2000_init_component(Jpeg2000Component *comp, reslevel->log2_prec_height) - (reslevel->coord[1][0] >> reslevel->log2_prec_height); - reslevel->band = av_malloc_array(reslevel->nbands, sizeof(*reslevel->band)); + reslevel->band = av_calloc(reslevel->nbands, sizeof(*reslevel->band)); if (!reslevel->band) return AVERROR(ENOMEM); @@ -368,7 +368,7 @@ int ff_jpeg2000_init_component(Jpeg2000Component *comp, for (j = 0; j < 2; j++) band->coord[1][j] = ff_jpeg2000_ceildiv(band->coord[1][j], dy); - band->prec = av_malloc_array(reslevel->num_precincts_x * + band->prec = av_calloc(reslevel->num_precincts_x * (uint64_t)reslevel->num_precincts_y, sizeof(*band->prec)); if (!band->prec) @@ -509,10 +509,12 @@ void ff_jpeg2000_cleanup(Jpeg2000Component *comp, Jpeg2000CodingStyle *codsty) for (bandno = 0; bandno < reslevel->nbands; bandno++) { Jpeg2000Band *band = reslevel->band + bandno; for (precno = 0; precno < reslevel->num_precincts_x * reslevel->num_precincts_y; precno++) { - Jpeg2000Prec *prec = band->prec + precno; - av_freep(&prec->zerobits); - av_freep(&prec->cblkincl); - av_freep(&prec->cblk); + if (band->prec) { + Jpeg2000Prec *prec = band->prec + precno; + av_freep(&prec->zerobits); + av_freep(&prec->cblkincl); + av_freep(&prec->cblk); + } } av_freep(&band->prec); |