Commit f33b5ba6 authored by Luca Barbato's avatar Luca Barbato

vp56: release frames on error

Fixes CVE-2012-2783

CC: libav-stable@libav.org
parent bb675d3a
......@@ -514,8 +514,14 @@ int ff_vp56_decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
s->modelp = &s->models[is_alpha];
res = s->parse_header(s, buf, remaining_buf_size, &golden_frame);
if (res < 0)
if (res < 0) {
int i;
for (i = 0; i < 4; i++) {
if (s->frames[i].data[0])
avctx->release_buffer(avctx, &s->frames[i]);
}
return res;
}
if (res == VP56_SIZE_CHANGE) {
int i;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment