From f3fd4286970c018d57e4c31423a71de82d16a149 Mon Sep 17 00:00:00 2001 From: Reinhard Tartler Date: Tue, 9 Feb 2010 19:31:04 +0000 Subject: [PATCH] Make sure that all memory allocations succeed. Based on 28_theora_malloc_checks.patch from the Google Chrome team. backport r20008 by melanson Originally committed as revision 21720 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5 --- libavcodec/vp3.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c index 07a791d3da..f30c060e17 100644 --- a/libavcodec/vp3.c +++ b/libavcodec/vp3.c @@ -43,6 +43,8 @@ #define FRAGMENT_PIXELS 8 +static av_cold int vp3_decode_end(AVCodecContext *avctx); + typedef struct Coeff { struct Coeff *next; DCTELEM coeff; @@ -1684,6 +1686,11 @@ static av_cold int vp3_decode_init(AVCodecContext *avctx) s->coeffs = av_malloc(s->fragment_count * sizeof(Coeff) * 65); s->coded_fragment_list = av_malloc(s->fragment_count * sizeof(int)); s->pixel_addresses_initialized = 0; + if (!s->superblock_coding || !s->all_fragments || !s->coeff_counts || + !s->coeffs || !s->coded_fragment_list) { + vp3_decode_end(avctx); + return -1; + } if (!s->theora_tables) { @@ -1784,6 +1791,11 @@ static av_cold int vp3_decode_init(AVCodecContext *avctx) s->superblock_macroblocks = av_malloc(s->superblock_count * 4 * sizeof(int)); s->macroblock_fragments = av_malloc(s->macroblock_count * 6 * sizeof(int)); s->macroblock_coding = av_malloc(s->macroblock_count + 1); + if (!s->superblock_fragments || !s->superblock_macroblocks || + !s->macroblock_fragments || !s->macroblock_coding) { + vp3_decode_end(avctx); + return -1; + } init_block_mapping(s); for (i = 0; i < 3; i++) {