avcodec/zmbv: Don't free uninitialized z_stream

It is not documented to be safe to call inflateEnd() on a z_stream
that has not been successfully initialized via inflateInit(); so
record whether it has been successfully initialized.

Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>

1 files changed, 4 insertions, 4 deletions

diff --git a/libavcodec/zmbv.c b/libavcodec/zmbv.c
index e1aba7f059..4cc0476f4d 100644
--- a/libavcodec/zmbv.c
+++ b/libavcodec/zmbv.c
@@ -56,6 +56,7 @@ enum ZmbvFormat {
 typedef struct ZmbvContext {
     AVCodecContext *avctx;
 
+    int zlib_init_ok;
     int bpp;
     int alloc_bpp;
     unsigned int decomp_size;
@@ -611,9 +612,6 @@ static av_cold int decode_init(AVCodecContext *avctx)
 
     c->bpp = avctx->bits_per_coded_sample;
 
-    // Needed if zlib unused or init aborted before inflateInit
-    memset(&c->zstream, 0, sizeof(z_stream));
-
     if ((avctx->width + 255ULL) * (avctx->height + 64ULL) > FFMIN(avctx->max_pixels, INT_MAX / 4) ) {
         av_log(avctx, AV_LOG_ERROR, "Internal buffer (decomp_size) larger than max_pixels or too large\n");
         return AVERROR_INVALIDDATA;
@@ -637,6 +635,7 @@ static av_cold int decode_init(AVCodecContext *avctx)
         av_log(avctx, AV_LOG_ERROR, "Inflate init error: %d\n", zret);
         return AVERROR_UNKNOWN;
     }
+    c->zlib_init_ok = 1;
 
     return 0;
 }
@@ -647,9 +646,10 @@ static av_cold int decode_end(AVCodecContext *avctx)
 
     av_freep(&c->decomp_buf);
 
-    inflateEnd(&c->zstream);
     av_freep(&c->cur);
     av_freep(&c->prev);
+    if (c->zlib_init_ok)
+        inflateEnd(&c->zstream);
 
     return 0;
 }