Commit 612cc071 authored by Andreas Cadhalpun's avatar Andreas Cadhalpun Committed by Diego Biurrun

pgssubdec: reset rle_data_len/rle_remaining_len on allocation error

The code relies on their validity and otherwise can try to access a NULL
object->rle pointer, causing segmentation faults.
Signed-off-by: 's avatarAndreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: 's avatarDiego Biurrun <diego@biurrun.de>
parent 708e84cd
......@@ -297,8 +297,11 @@ static int parse_object_segment(AVCodecContext *avctx,
av_fast_malloc(&object->rle, &object->rle_buffer_size, rle_bitmap_len);
if (!object->rle)
if (!object->rle) {
object->rle_data_len = 0;
object->rle_remaining_len = 0;
return AVERROR(ENOMEM);
}
memcpy(object->rle, buf, buf_size);
object->rle_data_len = buf_size;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment