mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2024-11-21 10:55:51 +02:00
pgssubdec: reset rle_data_len/rle_remaining_len on allocation error
The code relies on their validity and otherwise can try to access a NULL object->rle pointer, causing segmentation faults. Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> Signed-off-by: Diego Biurrun <diego@biurrun.de>
This commit is contained in:
parent
708e84cda1
commit
612cc07128
@ -297,8 +297,11 @@ static int parse_object_segment(AVCodecContext *avctx,
|
||||
|
||||
av_fast_malloc(&object->rle, &object->rle_buffer_size, rle_bitmap_len);
|
||||
|
||||
if (!object->rle)
|
||||
if (!object->rle) {
|
||||
object->rle_data_len = 0;
|
||||
object->rle_remaining_len = 0;
|
||||
return AVERROR(ENOMEM);
|
||||
}
|
||||
|
||||
memcpy(object->rle, buf, buf_size);
|
||||
object->rle_data_len = buf_size;
|
||||
|
Loading…
Reference in New Issue
Block a user