From 0efbd068e72ecfdcd4b1088f8daf35fb703fb4ea Mon Sep 17 00:00:00 2001 From: Mike Melanson Date: Thu, 24 Sep 2009 06:33:16 +0000 Subject: [PATCH] Make sure that all memory allocations succeed. Based on 28_theora_malloc_checks.patch from the Google Chrome team. Originally committed as revision 20008 to svn://svn.ffmpeg.org/ffmpeg/trunk --- libavcodec/vp3.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c index 6a6663ff3b..60b84f0b5f 100644 --- a/libavcodec/vp3.c +++ b/libavcodec/vp3.c @@ -42,6 +42,8 @@ #define FRAGMENT_PIXELS 8 +static av_cold int vp3_decode_end(AVCodecContext *avctx); + typedef struct Coeff { struct Coeff *next; DCTELEM coeff; @@ -1755,6 +1757,11 @@ static av_cold int vp3_decode_init(AVCodecContext *avctx) s->coeffs = av_malloc(s->fragment_count * sizeof(Coeff) * 65); s->coded_fragment_list = av_malloc(s->fragment_count * sizeof(int)); s->pixel_addresses_initialized = 0; + if (!s->superblock_coding || !s->all_fragments || !s->coeff_counts || + !s->coeffs || !s->coded_fragment_list) { + vp3_decode_end(avctx); + return -1; + } if (!s->theora_tables) { @@ -1860,6 +1867,11 @@ static av_cold int vp3_decode_init(AVCodecContext *avctx) s->superblock_macroblocks = av_malloc(s->superblock_count * 4 * sizeof(int)); s->macroblock_fragments = av_malloc(s->macroblock_count * 6 * sizeof(int)); s->macroblock_coding = av_malloc(s->macroblock_count + 1); + if (!s->superblock_fragments || !s->superblock_macroblocks || + !s->macroblock_fragments || !s->macroblock_coding) { + vp3_decode_end(avctx); + return -1; + } init_block_mapping(s); for (i = 0; i < 3; i++) {