avcodec/movtextdec: Reset counter of fonts when freeing them

If allocating fonts fails when reading the header, all fonts are freed,
yet the counter of fonts is not reset and no error is returned; when
subtitles are decoded lateron, the inexistent list of fonts is searched
for the matching font for this particular entry which of course leads to
a segfault.

Reviewed-by: Philip Langdale <philipl@overt.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>

diff --git a/libavcodec/movtextdec.c b/libavcodec/movtextdec.c
index 4a21dbf36d4fd86b52d0fb7cd8fd4736ec16a385..068bdb7802f42c9b558a0a3342a943baebe64209 100644 (file)
--- a/libavcodec/movtextdec.c
+++ b/libavcodec/movtextdec.c
@@ -148,6 +148,7 @@ static void mov_text_cleanup_ftab(MovTextContext *m)
         }
     }
     av_freep(&m->ftab);
+    m->ftab_entries = 0;
 }
 
 static int mov_text_tx3g(AVCodecContext *avctx, MovTextContext *m)
@@ -230,7 +231,6 @@ static int mov_text_tx3g(AVCodecContext *avctx, MovTextContext *m)
         box_size += 3;
         if (avctx->extradata_size < box_size) {
             mov_text_cleanup_ftab(m);
-            m->ftab_entries = 0;
             return -1;
         }
         m->ftab_temp = av_mallocz(sizeof(*m->ftab_temp));
@@ -245,7 +245,6 @@ static int mov_text_tx3g(AVCodecContext *avctx, MovTextContext *m)
         box_size = box_size + font_length;
         if (avctx->extradata_size < box_size) {
             mov_text_cleanup_ftab(m);
-            m->ftab_entries = 0;
             return -1;
         }
         m->ftab_temp->font = av_malloc(font_length + 1);