Fixes null pointer dereference
Fixes Ticket3873
Signed-off-by: Michael Niedermayer michae...@gmx.at
---
libavcodec/h264_slice.c | 16 +++-
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/libavcodec/h264_slice.c b/libavcodec/h264_slice.c
index fc744f2..c5a9784 100644
--- a/libavcodec/h264_slice.c
+++ b/libavcodec/h264_slice.c
@@ -1173,7 +1173,7 @@ static int h264_slice_header_init(H264Context *h, int
reinit)
ret = ff_h264_alloc_tables(h);
if (ret 0) {
av_log(h-avctx, AV_LOG_ERROR, Could not allocate memory\n);
-return ret;
+goto fail;
}
if (nb_slices H264_MAX_THREADS || (nb_slices h-mb_height
h-mb_height)) {
@@ -1192,14 +1192,16 @@ static int h264_slice_header_init(H264Context *h, int
reinit)
ret = ff_h264_context_init(h);
if (ret 0) {
av_log(h-avctx, AV_LOG_ERROR, context_init() failed.\n);
-return ret;
+goto fail;
}
} else {
for (i = 1; i h-slice_context_count; i++) {
H264Context *c;
c= h-thread_context[i] =
av_mallocz(sizeof(H264Context));
-if (!c)
-return AVERROR(ENOMEM);
+if (!c) {
+ret = AVERROR(ENOMEM);
+goto fail;
+}
c-avctx = h-avctx;
if (CONFIG_ERROR_RESILIENCE) {
c-mecc = h-mecc;
@@ -1238,13 +1240,17 @@ static int h264_slice_header_init(H264Context *h, int
reinit)
for (i = 0; i h-slice_context_count; i++)
if ((ret = ff_h264_context_init(h-thread_context[i])) 0) {
av_log(h-avctx, AV_LOG_ERROR, context_init() failed.\n);
-return ret;
+goto fail;
}
}
h-context_initialized = 1;
return 0;
+fail:
+ff_h264_free_tables(h, 0);
+h-context_initialized = 0;
+return ret;
}
static enum AVPixelFormat non_j_pixfmt(enum AVPixelFormat a)
--
1.7.9.5
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
