mirror of https://git.ffmpeg.org/ffmpeg.git
jpeg2000: fix dereferencing invalid pointers
Found-by: Laurent Butti <laurentb@gmail.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
parent
800ea20cad
commit
912ce9dd20
|
@ -272,7 +272,7 @@ int ff_jpeg2000_init_component(Jpeg2000Component *comp,
|
|||
reslevel->log2_prec_height) -
|
||||
(reslevel->coord[1][0] >> reslevel->log2_prec_height);
|
||||
|
||||
reslevel->band = av_malloc_array(reslevel->nbands, sizeof(*reslevel->band));
|
||||
reslevel->band = av_calloc(reslevel->nbands, sizeof(*reslevel->band));
|
||||
if (!reslevel->band)
|
||||
return AVERROR(ENOMEM);
|
||||
|
||||
|
@ -368,7 +368,7 @@ int ff_jpeg2000_init_component(Jpeg2000Component *comp,
|
|||
for (j = 0; j < 2; j++)
|
||||
band->coord[1][j] = ff_jpeg2000_ceildiv(band->coord[1][j], dy);
|
||||
|
||||
band->prec = av_malloc_array(reslevel->num_precincts_x *
|
||||
band->prec = av_calloc(reslevel->num_precincts_x *
|
||||
(uint64_t)reslevel->num_precincts_y,
|
||||
sizeof(*band->prec));
|
||||
if (!band->prec)
|
||||
|
@ -509,11 +509,13 @@ void ff_jpeg2000_cleanup(Jpeg2000Component *comp, Jpeg2000CodingStyle *codsty)
|
|||
for (bandno = 0; bandno < reslevel->nbands; bandno++) {
|
||||
Jpeg2000Band *band = reslevel->band + bandno;
|
||||
for (precno = 0; precno < reslevel->num_precincts_x * reslevel->num_precincts_y; precno++) {
|
||||
if (band->prec) {
|
||||
Jpeg2000Prec *prec = band->prec + precno;
|
||||
av_freep(&prec->zerobits);
|
||||
av_freep(&prec->cblkincl);
|
||||
av_freep(&prec->cblk);
|
||||
}
|
||||
}
|
||||
|
||||
av_freep(&band->prec);
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue