From 1fa35e4352cc39894987e14de464e3d72b55739f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 21 Aug 2014 16:33:03 +0200 Subject: avcodec/h264_slice: More complete cleanup in h264_slice_header_init() Fixes null pointer dereference Fixes Ticket3873 Signed-off-by: Michael Niedermayer --- libavcodec/h264_slice.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/libavcodec/h264_slice.c b/libavcodec/h264_slice.c index fc744f2f1a..c5a9784dbe 100644 --- a/libavcodec/h264_slice.c +++ b/libavcodec/h264_slice.c @@ -1173,7 +1173,7 @@ static int h264_slice_header_init(H264Context *h, int reinit) ret = ff_h264_alloc_tables(h); if (ret < 0) { av_log(h->avctx, AV_LOG_ERROR, "Could not allocate memory\n"); - return ret; + goto fail; } if (nb_slices > H264_MAX_THREADS || (nb_slices > h->mb_height && h->mb_height)) { @@ -1192,14 +1192,16 @@ static int h264_slice_header_init(H264Context *h, int reinit) ret = ff_h264_context_init(h); if (ret < 0) { av_log(h->avctx, AV_LOG_ERROR, "context_init() failed.\n"); - return ret; + goto fail; } } else { for (i = 1; i < h->slice_context_count; i++) { H264Context *c; c = h->thread_context[i] = av_mallocz(sizeof(H264Context)); - if (!c) - return AVERROR(ENOMEM); + if (!c) { + ret = AVERROR(ENOMEM); + goto fail; + } c->avctx = h->avctx; if (CONFIG_ERROR_RESILIENCE) { c->mecc = h->mecc; @@ -1238,13 +1240,17 @@ static int h264_slice_header_init(H264Context *h, int reinit) for (i = 0; i < h->slice_context_count; i++) if ((ret = ff_h264_context_init(h->thread_context[i])) < 0) { av_log(h->avctx, AV_LOG_ERROR, "context_init() failed.\n"); - return ret; + goto fail; } } h->context_initialized = 1; return 0; +fail: + ff_h264_free_tables(h, 0); + h->context_initialized = 0; + return ret; } static enum AVPixelFormat non_j_pixfmt(enum AVPixelFormat a) -- cgit v1.2.3