author | Andreas Rheinhardt <andreas.rheinhardt@outlook.com> | 2021-04-05 02:05:58 +0200 |
---|---|---|
committer | Andreas Rheinhardt <andreas.rheinhardt@outlook.com> | 2021-04-08 11:56:44 +0200 |
commit | b0997b8526e5f801052dbfcef89fa9d77fd046f4 (patch) | |
tree | 2d0c28e059fa157ca1dcb1d09a6cbbabf6152591 /libswresample | |
parent | 4562719c7d598e3efa884af23b1dd127287011b8 (diff) | |
download | ffmpeg-b0997b8526e5f801052dbfcef89fa9d77fd046f4.tar.gz |
avcodec/rv34, mpegvideo: Fix segfault upon frame size change error

The RealVideo 3.0 and 4.0 decoders call ff_mpv_common_init() only during
their init function and not during decode_frame(); when the size of the
frame changes, they call ff_mpv_common_frame_size_change(). Yet upon
error, said function calls ff_mpv_common_end() which frees the whole
MpegEncContext and not only those parts that
ff_mpv_common_frame_size_change() reinits. As a result, the context will
never be usable again; worse, because decode_frame() contains no check
for whether the context is initialized or not, it is presumed that it is
initialized, leading to segfaults. Basically the same happens if
rv34_decoder_realloc() fails.

This commit fixes this by only resetting the parts that
ff_mpv_common_frame_size_change() changes upon error and by actually
checking whether the context is in need of reinitialization in
ff_rv34_decode_frame().

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit 9abda1365c5e2d827eb673b6d98245163c868bf1)
Diffstat (limited to 'libswresample')
0 files changed, 0 insertions, 0 deletions
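
The error-handling pattern the commit message describes, reduced to a self-contained model. This is an added example, not FFmpeg code and not part of the commit: `DemoCtx`, `demo_init`, `demo_size_change`, `demo_decode`, the `needs_reinit` flag and the `fail` parameter are all hypothetical names. A failed size change releases only the size-dependent state and flags the context, and the decode entry point checks that flag before touching any buffer.

```c
#include <stdlib.h>

/* Hypothetical miniature decoder context; not FFmpeg's MpegEncContext. */
typedef struct {
    unsigned char *tables;  /* size-independent, allocated once at init */
    unsigned char *planes;  /* size-dependent, rebuilt on a size change */
    int width, height;
    int needs_reinit;       /* size-dependent state is currently invalid */
} DemoCtx;

static int demo_init(DemoCtx *c, int w, int h)
{
    c->tables = calloc(64, 1);
    c->planes = calloc((size_t)w * (size_t)h, 1);
    c->width = w; c->height = h;
    c->needs_reinit = 0;
    return (c->tables && c->planes) ? 0 : -1;
}

/* On error, free only size-dependent state; `fail` simulates the error. */
static int demo_size_change(DemoCtx *c, int w, int h, int fail)
{
    free(c->planes);
    c->planes = fail ? NULL : calloc((size_t)w * (size_t)h, 1);
    c->needs_reinit = (c->planes == NULL);  /* c->tables stays valid */
    c->width  = c->planes ? w : 0;
    c->height = c->planes ? h : 0;
    return c->planes ? 0 : -1;
}

/* Decode entry point checks the state instead of presuming it. */
static int demo_decode(DemoCtx *c, int w, int h)
{
    if (w <= 0 || h <= 0)
        return -1;
    if ((c->needs_reinit || w != c->width || h != c->height) &&
        demo_size_change(c, w, h, 0) < 0)
        return -1;
    c->planes[0] = c->tables[0];    /* both pointers are valid here */
    return 0;
}

int main(void)
{
    DemoCtx c;
    if (demo_init(&c, 16, 16) < 0) return 1;
    demo_size_change(&c, 32, 32, 1);    /* simulated failure */
    return demo_decode(&c, 32, 32);     /* recovers and returns 0 */
}
```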