]> git.sesse.net Git - ffmpeg/commitdiff
projects / ffmpeg / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e5d6af7)
avcodec/mjpegenc: Fix segfault when freeing incomplete context
authorAndreas Rheinhardt <andreas.rheinhardt@outlook.com>
Tue, 30 Mar 2021 21:20:49 +0000 (23:20 +0200)
committerAndreas Rheinhardt <andreas.rheinhardt@outlook.com>
Wed, 31 Mar 2021 12:37:05 +0000 (14:37 +0200)
When allocating the MJpegContext fails (or if the dimensions run afoul
of the 65500x65500 limit), an attempt to free a subbuffer of said
context leads to a segfault in ff_mjpeg_encode_close().
Seems to be a regression since 467d9e27e0cb2bf74f41dc832f2f8d191ba58ec9.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
libavcodec/mjpegenc.c patch | blob | history

diff --git a/libavcodec/mjpegenc.c b/libavcodec/mjpegenc.c
index df3aaaf26b4ee6e90ff3b23b5c8e76873618044a..596b7544cafeb4d1df8364d46e968d4effb3eef5 100644 (file)
--- a/libavcodec/mjpegenc.c
+++ b/libavcodec/mjpegenc.c
@@ -312,8 +312,10 @@ av_cold int ff_mjpeg_encode_init(MpegEncContext *s)
 
 av_cold void ff_mjpeg_encode_close(MpegEncContext *s)
 {
-    av_freep(&s->mjpeg_ctx->huff_buffer);
-    av_freep(&s->mjpeg_ctx);
+    if (s->mjpeg_ctx) {
+        av_freep(&s->mjpeg_ctx->huff_buffer);
+        av_freep(&s->mjpeg_ctx);
+    }
 }
 
 /**
Unnamed repository; edit this file 'description' to name the repository.