diff --git a/libavformat/oggdec.c b/libavformat/oggdec.c index 05aeddd1b0..84d6d40916 100644 --- a/libavformat/oggdec.c +++ b/libavformat/oggdec.c @@ -165,28 +165,36 @@ static int ogg_new_stream(AVFormatContext *s, uint32_t serial, int new_avstream) { struct ogg *ogg = s->priv_data; - int idx = ogg->nstreams++; + int idx = ogg->nstreams; AVStream *st; struct ogg_stream *os; + size_t size; - ogg->streams = av_realloc (ogg->streams, - ogg->nstreams * sizeof (*ogg->streams)); + if (av_size_mult(ogg->nstreams + 1, sizeof(*ogg->streams), &size) < 0 || + !(os = av_realloc(ogg->streams, size))) + return AVERROR(ENOMEM); + ogg->streams = os; memset (ogg->streams + idx, 0, sizeof (*ogg->streams)); os = ogg->streams + idx; os->serial = serial; os->bufsize = DECODER_BUFFER_SIZE; os->buf = av_malloc(os->bufsize + FF_INPUT_BUFFER_PADDING_SIZE); os->header = -1; + if (!os->buf) + return AVERROR(ENOMEM); if (new_avstream) { st = avformat_new_stream(s, NULL); - if (!st) + if (!st) { + av_freep(&os->buf); return AVERROR(ENOMEM); + } st->id = idx; avpriv_set_pts_info(st, 64, 1, 1000000); } + ogg->nstreams++; return idx; }