Fixes: Assertion failure Fixes: 36359/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-6733238591684608
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> --- libavcodec/snowdec.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libavcodec/snowdec.c b/libavcodec/snowdec.c index 1355ae6ed1..7ef28c4899 100644 --- a/libavcodec/snowdec.c +++ b/libavcodec/snowdec.c @@ -499,7 +499,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame, s->avmv_index = 0; if ((res = decode_blocks(s)) < 0) - return res; + goto fail; for(plane_index=0; plane_index < s->nb_planes; plane_index++){ Plane *p= &s->plane[plane_index]; @@ -618,11 +618,11 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame, AVFrameSideData *sd; sd = av_frame_new_side_data(picture, AV_FRAME_DATA_MOTION_VECTORS, s->avmv_index * sizeof(AVMotionVector)); - if (!sd) - return AVERROR(ENOMEM); - memcpy(sd->data, s->avmv, s->avmv_index * sizeof(AVMotionVector)); + if (sd) + memcpy(sd->data, s->avmv, s->avmv_index * sizeof(AVMotionVector)); } +fail: av_freep(&s->avmv); if (res < 0) -- 2.17.1 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
