avcodec/hevc: use av_mallocz() for allocating tab_ipm
authorMichael Niedermayer <michaelni@gmx.at>
Sat, 11 Jan 2014 19:23:51 +0000 (20:23 +0100)
committerMichael Niedermayer <michaelni@gmx.at>
Mon, 13 Jan 2014 15:11:50 +0000 (16:11 +0100)
Fixes use of uninitialized memory and out of stack array read
Fixes: signal_sigsegv_ecc526_7846_WPP_C_ericsson_MAIN_2.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0999f1613bc48ed9d6578a3ad7bcd17610e07fbf)

Conflicts:

libavcodec/hevc.c

libavcodec/hevc.c

index a16b045..8b15ec5 100644 (file)
@@ -109,7 +109,7 @@ static int pic_arrays_init(HEVCContext *s)
     if (!s->skip_flag || !s->tab_ct_depth)
         goto fail;
 
-    s->tab_ipm  = av_malloc(pic_size_in_min_pu);
+    s->tab_ipm  = av_mallocz(pic_size_in_min_pu);
     s->cbf_luma = av_malloc(pic_width_in_min_tu * pic_height_in_min_tu);
     s->is_pcm   = av_malloc(pic_size_in_min_pu);
     if (!s->tab_ipm || !s->cbf_luma || !s->is_pcm)