aboutsummaryrefslogtreecommitdiffstats
path: root/libavcodec/cinepak.c
diff options
context:
space:
mode:
authorAndreas Rheinhardt <andreas.rheinhardt@outlook.com>2021-04-05 02:05:58 +0200
committerAndreas Rheinhardt <andreas.rheinhardt@outlook.com>2021-04-08 01:17:24 +0200
commit9abda1365c5e2d827eb673b6d98245163c868bf1 (patch)
treee0c3436b48ef988b37fd0a861fdba4790ad88cb9 /libavcodec/cinepak.c
parent8ffd3ef9d94f33b411348c594a49d994b55c9550 (diff)
downloadffmpeg-9abda1365c5e2d827eb673b6d98245163c868bf1.tar.gz
avcodec/rv34, mpegvideo: Fix segfault upon frame size change error
The RealVideo 3.0 and 4.0 decoders call ff_mpv_common_init() only during their init function and not during decode_frame(); when the size of the frame changes, they call ff_mpv_common_frame_size_change(). Yet upon error, said function calls ff_mpv_common_end() which frees the whole MpegEncContext and not only those parts that ff_mpv_common_frame_size_change() reinits. As a result, the context will never be usable again; worse, because decode_frame() contains no check for whether the context is initialized or not, it is presumed that it is initialized, leading to segfaults. Basically the same happens if rv34_decoder_realloc() fails. This commit fixes this by only resetting the parts that ff_mpv_common_frame_size_change() changes upon error and by actually checking whether the context is in need of reinitialization in ff_rv34_decode_frame(). Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Diffstat (limited to 'libavcodec/cinepak.c')
0 files changed, 0 insertions, 0 deletions