From: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Date: Fri, 4 Nov 2016 18:00:01 +0000 (+0100)
Subject: diracdec: clear slice_params_num_buf on allocation failure
X-Git-Tag: android-x86-7.1-r1~3264
X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=24d20496d2e6e1df6456c5231d892269dd1fcf38;p=android-x86%2Fexternal-ffmpeg.git

diracdec: clear slice_params_num_buf on allocation failure

Otherwise it can be non-zero next time decode_lowdelay is called, causing
slice_params_buf not to be allocated, leading to a NULL pointer dereference.

The problem was introduced in commit
dcad4677d637cd2f701917e38361fa96b8c9a418.

Reviewed-by: Rostislav Pehlivanov <atomnuker@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
---

diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c
index 5c669ffdee..bb314d0df6 100644
--- a/libavcodec/diracdec.c
+++ b/libavcodec/diracdec.c
@@ -910,6 +910,7 @@ static int decode_lowdelay(DiracContext *s)
         s->slice_params_buf = av_realloc_f(s->slice_params_buf, s->num_x * s->num_y, sizeof(DiracSlice));
         if (!s->slice_params_buf) {
             av_log(s->avctx, AV_LOG_ERROR, "slice params buffer allocation failure\n");
+            s->slice_params_num_buf = 0;
             return AVERROR(ENOMEM);
         }
         s->slice_params_num_buf = s->num_x * s->num_y;