virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-02-20 07:48:15 +02:00
Code Issues Releases Activity

avcodec/movtextdec: Reset counter of fonts when freeing them

Browse Source 
If allocating fonts fails when reading the header, all fonts are freed,
yet the counter of fonts is not reset and no error is returned; when
subtitles are decoded lateron, the inexistent list of fonts is searched
for the matching font for this particular entry which of course leads to
a segfault.

Reviewed-by: Philip Langdale <philipl@overt.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit 5758620560f1aa329a26ca1585dc0dbd903522c4)
This commit is contained in:
Andreas Rheinhardt 2020-10-17 10:15:29 +02:00
parent 9c6feb104d
commit 2e49daad79
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
libavcodec/movtextdec.c
View File

@ -148,6 +148,7 @@ static void mov_text_cleanup_ftab(MovTextContext *m)
}
}
av_freep(&m->ftab);
m->ftab_entries = 0;
}
static int mov_text_tx3g(AVCodecContext *avctx, MovTextContext *m)
@ -230,7 +231,6 @@ static int mov_text_tx3g(AVCodecContext *avctx, MovTextContext *m)
box_size += 3;
if (avctx->extradata_size < box_size) {
mov_text_cleanup_ftab(m);
m->ftab_entries = 0;
return -1;
}
m->ftab_temp = av_mallocz(sizeof(*m->ftab_temp));
@ -245,7 +245,6 @@ static int mov_text_tx3g(AVCodecContext *avctx, MovTextContext *m)
box_size = box_size + font_length;
if (avctx->extradata_size < box_size) {
mov_text_cleanup_ftab(m);
m->ftab_entries = 0;
return -1;
}
m->ftab_temp->font = av_malloc(font_length + 1);