virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-28 20:53:54 +02:00
Code Issues Releases Activity

avcodec/movtextdec: Reset counter of fonts when freeing them

Browse Source 
If allocating fonts fails when reading the header, all fonts are freed,
yet the counter of fonts is not reset and no error is returned; when
subtitles are decoded lateron, the inexistent list of fonts is searched
for the matching font for this particular entry which of course leads to
a segfault.

Reviewed-by: Philip Langdale <philipl@overt.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
This commit is contained in:
Andreas Rheinhardt 2020-10-17 10:15:29 +02:00
parent 9860777516
commit 5758620560
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
libavcodec/movtextdec.c
View File

@ -148,6 +148,7 @@ static void mov_text_cleanup_ftab(MovTextContext *m)
}
}
av_freep(&m->ftab);
m->ftab_entries = 0;
}
static int mov_text_tx3g(AVCodecContext *avctx, MovTextContext *m)
@ -230,7 +231,6 @@ static int mov_text_tx3g(AVCodecContext *avctx, MovTextContext *m)
box_size += 3;
if (avctx->extradata_size < box_size) {
mov_text_cleanup_ftab(m);
m->ftab_entries = 0;
return -1;
}
m->ftab_temp = av_mallocz(sizeof(*m->ftab_temp));
@ -245,7 +245,6 @@ static int mov_text_tx3g(AVCodecContext *avctx, MovTextContext *m)
box_size = box_size + font_length;
if (avctx->extradata_size < box_size) {
mov_text_cleanup_ftab(m);
m->ftab_entries = 0;
return -1;
}
m->ftab_temp->font = av_malloc(font_length + 1);