The code relies on their validity and otherwise can try to access a NULL
object->rle pointer, causing segmentation faults.
Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com>
---
libavcodec/pgssubdec.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/libavcodec/pgssubdec.c b/libavcodec/pgssubdec.c
index b50b37b206..b897d72aab 100644
--- a/libavcodec/pgssubdec.c
+++ b/libavcodec/pgssubdec.c
@@ -300,8 +300,11 @@ static int parse_object_segment(AVCodecContext *avctx,
av_fast_padded_malloc(&object->rle, &object->rle_buffer_size,
rle_bitmap_len);
- if (!object->rle)
+ if (!object->rle) {
+ object->rle_data_len = 0;
+ object->rle_remaining_len = 0;
return AVERROR(ENOMEM);
+ }
memcpy(object->rle, buf, buf_size);
object->rle_data_len = buf_size;
--
2.11.0
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
