bsf: check memory allocations
authorVittorio Giovara <vittorio.giovara@gmail.com>
Thu, 18 Dec 2014 19:26:56 +0000 (20:26 +0100)
committerVittorio Giovara <vittorio.giovara@gmail.com>
Thu, 15 Jan 2015 00:25:16 +0000 (01:25 +0100)
libavcodec/bitstream_filter.c
libavcodec/dump_extradata_bsf.c
libavcodec/imx_dump_header_bsf.c
libavcodec/mjpega_dump_header_bsf.c
libavcodec/movsub_bsf.c
libavcodec/noise_bsf.c
libavcodec/parser.c

index f524d3ef8db7e8724fd3a8e711512a453310ad10..3b19bbdc76500f184fd65c8af29d4c905c6da9ba 100644 (file)
@@ -47,9 +47,17 @@ AVBitStreamFilterContext *av_bitstream_filter_init(const char *name)
         if (!strcmp(name, bsf->name)) {
             AVBitStreamFilterContext *bsfc =
                 av_mallocz(sizeof(AVBitStreamFilterContext));
+            if (!bsfc)
+                return NULL;
             bsfc->filter    = bsf;
-            bsfc->priv_data =
-                bsf->priv_data_size ? av_mallocz(bsf->priv_data_size) : NULL;
+            bsfc->priv_data = NULL;
+            if (bsf->priv_data_size) {
+                bsfc->priv_data = av_mallocz(bsf->priv_data_size);
+                if (!bsfc->priv_data) {
+                    av_freep(&bsfc);
+                    return NULL;
+                }
+            }
             return bsfc;
         }
         bsf = bsf->next;
index 17d943417204308cb5091c114a31fb9be3a8fb56..404fb592624dbcbc40ca3172b23db58ced640e6c 100644 (file)
@@ -37,6 +37,8 @@ static int dump_extradata(AVBitStreamFilterContext *bsfc, AVCodecContext *avctx,
             int size= buf_size + avctx->extradata_size;
             *poutbuf_size= size;
             *poutbuf= av_malloc(size + FF_INPUT_BUFFER_PADDING_SIZE);
+            if (!*poutbuf)
+                return AVERROR(ENOMEM);
 
             memcpy(*poutbuf, avctx->extradata, avctx->extradata_size);
             memcpy((*poutbuf) + avctx->extradata_size, buf, buf_size + FF_INPUT_BUFFER_PADDING_SIZE);
index 5f5493f5a8222e835345014212475a9b72839b03..5c647c4d68a531394201f7c92d92dc8b4785bd34 100644 (file)
@@ -43,6 +43,8 @@ static int imx_dump_header(AVBitStreamFilterContext *bsfc, AVCodecContext *avctx
     }
 
     *poutbuf = av_malloc(buf_size + 20 + FF_INPUT_BUFFER_PADDING_SIZE);
+    if (!*poutbuf)
+        return AVERROR(ENOMEM);
     poutbufp = *poutbuf;
     bytestream_put_buffer(&poutbufp, imx_header, 16);
     bytestream_put_byte(&poutbufp, 0x83); /* KLV BER long form */
index ed32d5a48f93fad89760f4d826c5de5795f22e51..1bcb9e722315b5ff4705a5364e6d91e4a6228a91 100644 (file)
@@ -45,6 +45,8 @@ static int mjpega_dump_header(AVBitStreamFilterContext *bsfc, AVCodecContext *av
 
     *poutbuf_size = 0;
     *poutbuf = av_malloc(buf_size + 44 + FF_INPUT_BUFFER_PADDING_SIZE);
+    if (!*poutbuf)
+        return AVERROR(ENOMEM);
     poutbufp = *poutbuf;
     bytestream_put_byte(&poutbufp, 0xff);
     bytestream_put_byte(&poutbufp, SOI);
index 506750f12d4792fdb97eb7afc51e8d0ed3d9f568..7b4cd62548a6cc2ec17e906ad5a9374c2b5c8220 100644 (file)
@@ -29,6 +29,8 @@ static int text2movsub(AVBitStreamFilterContext *bsfc, AVCodecContext *avctx, co
     if (buf_size > 0xffff) return 0;
     *poutbuf_size = buf_size + 2;
     *poutbuf = av_malloc(*poutbuf_size + FF_INPUT_BUFFER_PADDING_SIZE);
+    if (!*poutbuf)
+        return AVERROR(ENOMEM);
     AV_WB16(*poutbuf, buf_size);
     memcpy(*poutbuf + 2, buf, buf_size);
     return 1;
@@ -46,6 +48,8 @@ static int mov2textsub(AVBitStreamFilterContext *bsfc, AVCodecContext *avctx, co
     if (buf_size < 2) return 0;
     *poutbuf_size = FFMIN(buf_size - 2, AV_RB16(buf));
     *poutbuf = av_malloc(*poutbuf_size + FF_INPUT_BUFFER_PADDING_SIZE);
+    if (!*poutbuf)
+        return AVERROR(ENOMEM);
     memcpy(*poutbuf, buf + 2, *poutbuf_size);
     return 1;
 }
index 3e552e29f8431be10606a993ff6e0c6d591d1b14..00ceeadfecd09dac9a5091800aff149dd55dde27 100644 (file)
@@ -33,7 +33,8 @@ static int noise(AVBitStreamFilterContext *bsfc, AVCodecContext *avctx, const ch
     int i;
 
     *poutbuf= av_malloc(buf_size + FF_INPUT_BUFFER_PADDING_SIZE);
-
+    if (!*poutbuf)
+        return AVERROR(ENOMEM);
     memcpy(*poutbuf, buf, buf_size + FF_INPUT_BUFFER_PADDING_SIZE);
     for(i=0; i<buf_size; i++){
         (*state) += (*poutbuf)[i] + 1;
index 6d20516f287f34bd8e19b1768737d2dad680e0d1..0a5c2cae33c197671aeaf1ff7e44ebd229d588c2 100644 (file)
@@ -193,6 +193,8 @@ int av_parser_change(AVCodecParserContext *s, AVCodecContext *avctx,
 
             *poutbuf_size = size;
             *poutbuf      = av_malloc(size + FF_INPUT_BUFFER_PADDING_SIZE);
+            if (!*poutbuf)
+                return AVERROR(ENOMEM);
 
             memcpy(*poutbuf, avctx->extradata, avctx->extradata_size);
             memcpy(*poutbuf + avctx->extradata_size, buf,