[FFmpeg-cvslog] avcodec/jpeg2000dec: clear array length when freeing it

James Almer Fri, 10 Jan 2025 09:56:46 -0800

ffmpeg | branch: master | James Almer <jamr...@gmail.com> | Wed Jan  1 23:58:39 
2025 -0300| [7f9c7f9849a2155224711f0ff57ecdac6e4bfb57] | committer: James Almer


avcodec/jpeg2000dec: clear array length when freeing it

Fixes NULL pointer dereferences.
Fixes ticket #11393.

Reviewed-by: Michael Niedermayer <mich...@niedermayer.cc>
Signed-off-by: James Almer <jamr...@gmail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7f9c7f9849a2155224711f0ff57ecdac6e4bfb57
---

 libavcodec/jpeg2000dec.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c
index e5e897a29f..b82d85d5ee 100644
--- a/libavcodec/jpeg2000dec.c
+++ b/libavcodec/jpeg2000dec.c
@@ -1521,6 +1521,7 @@ static int jpeg2000_decode_packet(Jpeg2000DecoderContext 
*s, Jpeg2000Tile *tile,
                 }
             }
             av_freep(&cblk->lengthinc);
+            cblk->nb_lengthinc = 0;
         }
     }
     // Save state of stream

_______________________________________________
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/jpeg2000dec: clear array length when freeing it

Reply via email to