RepoMirrors
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

dvbsubdec: Fixed segfault when decoding subtitles 

This fixes a segfault (originally found in Movian, but traced to libav)
when decoding subtitles because only an array of rects is allocated,
but not the actual structs it contains. The issue was probably
introduced in commit 2383323 where the loop to allocate the rects in
the array was thrown away.

Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
This commit is contained in:
Lorenz Brun 2016-10-21 22:51:37 +02:00 committed by Vittorio Giovara
parent 3fdf50f9e8
commit 1cfd566324
1 changed files with 11 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
libavcodec/dvbsubdec.c
View File

@ -1285,13 +1285,18 @@ static int dvbsub_display_end_segment(AVCodecContext *avctx, const uint8_t *buf,
}
sub->num_rects = ctx->display_list_size;
if (sub->num_rects <= 0)
return AVERROR_INVALIDDATA;
sub->rects = av_mallocz_array(sub->num_rects * sub->num_rects,
sizeof(*sub->rects));
if (!sub->rects)
return AVERROR(ENOMEM);
if (sub->num_rects > 0) {
sub->rects = av_mallocz(sizeof(*sub->rects) * sub->num_rects);
if (!sub->rects)
return AVERROR(ENOMEM);
for (i = 0; i < sub->num_rects; i++) {
sub->rects[i] = av_mallocz(sizeof(*sub->rects[i]));
if (!sub->rects[i]) {
return AVERROR(ENOMEM);
}
}
}
i = 0;