From 8a9641a652ed1546fedfda22584f79d3d423096e Mon Sep 17 00:00:00 2001 From: Vittorio Giovara Date: Thu, 18 Dec 2014 20:26:56 +0100 Subject: [PATCH] bsf: check memory allocations --- libavcodec/bitstream_filter.c | 12 ++++++++++-- libavcodec/dump_extradata_bsf.c | 2 ++ libavcodec/imx_dump_header_bsf.c | 2 ++ libavcodec/mjpega_dump_header_bsf.c | 2 ++ libavcodec/movsub_bsf.c | 4 ++++ libavcodec/noise_bsf.c | 3 ++- libavcodec/parser.c | 2 ++ 7 files changed, 24 insertions(+), 3 deletions(-) diff --git a/libavcodec/bitstream_filter.c b/libavcodec/bitstream_filter.c index f524d3ef8d..3b19bbdc76 100644 --- a/libavcodec/bitstream_filter.c +++ b/libavcodec/bitstream_filter.c @@ -47,9 +47,17 @@ AVBitStreamFilterContext *av_bitstream_filter_init(const char *name) if (!strcmp(name, bsf->name)) { AVBitStreamFilterContext *bsfc = av_mallocz(sizeof(AVBitStreamFilterContext)); + if (!bsfc) + return NULL; bsfc->filter = bsf; - bsfc->priv_data = - bsf->priv_data_size ? av_mallocz(bsf->priv_data_size) : NULL; + bsfc->priv_data = NULL; + if (bsf->priv_data_size) { + bsfc->priv_data = av_mallocz(bsf->priv_data_size); + if (!bsfc->priv_data) { + av_freep(&bsfc); + return NULL; + } + } return bsfc; } bsf = bsf->next; diff --git a/libavcodec/dump_extradata_bsf.c b/libavcodec/dump_extradata_bsf.c index 17d9434172..404fb59262 100644 --- a/libavcodec/dump_extradata_bsf.c +++ b/libavcodec/dump_extradata_bsf.c @@ -37,6 +37,8 @@ static int dump_extradata(AVBitStreamFilterContext *bsfc, AVCodecContext *avctx, int size= buf_size + avctx->extradata_size; *poutbuf_size= size; *poutbuf= av_malloc(size + FF_INPUT_BUFFER_PADDING_SIZE); + if (!*poutbuf) + return AVERROR(ENOMEM); memcpy(*poutbuf, avctx->extradata, avctx->extradata_size); memcpy((*poutbuf) + avctx->extradata_size, buf, buf_size + FF_INPUT_BUFFER_PADDING_SIZE); diff --git a/libavcodec/imx_dump_header_bsf.c b/libavcodec/imx_dump_header_bsf.c index 5f5493f5a8..5c647c4d68 100644 --- a/libavcodec/imx_dump_header_bsf.c +++ b/libavcodec/imx_dump_header_bsf.c @@ -43,6 +43,8 @@ static int imx_dump_header(AVBitStreamFilterContext *bsfc, AVCodecContext *avctx } *poutbuf = av_malloc(buf_size + 20 + FF_INPUT_BUFFER_PADDING_SIZE); + if (!*poutbuf) + return AVERROR(ENOMEM); poutbufp = *poutbuf; bytestream_put_buffer(&poutbufp, imx_header, 16); bytestream_put_byte(&poutbufp, 0x83); /* KLV BER long form */ diff --git a/libavcodec/mjpega_dump_header_bsf.c b/libavcodec/mjpega_dump_header_bsf.c index ed32d5a48f..1bcb9e7223 100644 --- a/libavcodec/mjpega_dump_header_bsf.c +++ b/libavcodec/mjpega_dump_header_bsf.c @@ -45,6 +45,8 @@ static int mjpega_dump_header(AVBitStreamFilterContext *bsfc, AVCodecContext *av *poutbuf_size = 0; *poutbuf = av_malloc(buf_size + 44 + FF_INPUT_BUFFER_PADDING_SIZE); + if (!*poutbuf) + return AVERROR(ENOMEM); poutbufp = *poutbuf; bytestream_put_byte(&poutbufp, 0xff); bytestream_put_byte(&poutbufp, SOI); diff --git a/libavcodec/movsub_bsf.c b/libavcodec/movsub_bsf.c index 506750f12d..7b4cd62548 100644 --- a/libavcodec/movsub_bsf.c +++ b/libavcodec/movsub_bsf.c @@ -29,6 +29,8 @@ static int text2movsub(AVBitStreamFilterContext *bsfc, AVCodecContext *avctx, co if (buf_size > 0xffff) return 0; *poutbuf_size = buf_size + 2; *poutbuf = av_malloc(*poutbuf_size + FF_INPUT_BUFFER_PADDING_SIZE); + if (!*poutbuf) + return AVERROR(ENOMEM); AV_WB16(*poutbuf, buf_size); memcpy(*poutbuf + 2, buf, buf_size); return 1; @@ -46,6 +48,8 @@ static int mov2textsub(AVBitStreamFilterContext *bsfc, AVCodecContext *avctx, co if (buf_size < 2) return 0; *poutbuf_size = FFMIN(buf_size - 2, AV_RB16(buf)); *poutbuf = av_malloc(*poutbuf_size + FF_INPUT_BUFFER_PADDING_SIZE); + if (!*poutbuf) + return AVERROR(ENOMEM); memcpy(*poutbuf, buf + 2, *poutbuf_size); return 1; } diff --git a/libavcodec/noise_bsf.c b/libavcodec/noise_bsf.c index 3e552e29f8..00ceeadfec 100644 --- a/libavcodec/noise_bsf.c +++ b/libavcodec/noise_bsf.c @@ -33,7 +33,8 @@ static int noise(AVBitStreamFilterContext *bsfc, AVCodecContext *avctx, const ch int i; *poutbuf= av_malloc(buf_size + FF_INPUT_BUFFER_PADDING_SIZE); - + if (!*poutbuf) + return AVERROR(ENOMEM); memcpy(*poutbuf, buf, buf_size + FF_INPUT_BUFFER_PADDING_SIZE); for(i=0; iextradata, avctx->extradata_size); memcpy(*poutbuf + avctx->extradata_size, buf,