From 24f1698758f0bd2ed5968cde35ce96ad58ba4c8d Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 18 Jul 2015 11:24:45 +0200 Subject: [PATCH] avcodec/rv34: Clear pointers in ff_rv34_decode_init_thread_copy() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Avoids leaving stale pointers Fixes: signal_sigabrt_7ffff70eccc9_819_sabtriple.rm with memlimit 536870912 Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 3197c0aa87a3b7190e17d49e6fbc7b554e4b3f0a) Signed-off-by: Michael Niedermayer --- libavcodec/rv34.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/libavcodec/rv34.c b/libavcodec/rv34.c index a232ab2593..6e86ebd35e 100644 --- a/libavcodec/rv34.c +++ b/libavcodec/rv34.c @@ -1534,7 +1534,14 @@ int ff_rv34_decode_init_thread_copy(AVCodecContext *avctx) if (avctx->internal->is_copy) { r->tmp_b_block_base = NULL; + r->cbp_chroma = NULL; + r->cbp_luma = NULL; + r->deblock_coefs = NULL; + r->intra_types_hist = NULL; + r->mb_type = NULL; + ff_mpv_idct_init(&r->s); + if ((err = ff_mpv_common_init(&r->s)) < 0) return err; if ((err = rv34_decoder_alloc(r)) < 0) {