From d9d42c4d2f1269364d5dd4a6a90b664362936377 Mon Sep 17 00:00:00 2001
From: Kitae Kim
Date: Fri, 7 Feb 2014 11:16:51 +0900
Subject: [PATCH] brillcodec: fix null pointer dereferences
- add checking routine if output buffer is null or not
- initialize uninitialized variables.
Change-Id: Ia494b4c3bacc37122f4c6668efaa86e5ad849be6
Signed-off-by: Kitae Kim
---
 tizen/src/hw/maru_brill_codec.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/tizen/src/hw/maru_brill_codec.c b/tizen/src/hw/maru_brill_codec.c
index 92c4c12..60dc561 100644
--- a/tizen/src/hw/maru_brill_codec.c
+++ b/tizen/src/hw/maru_brill_codec.c
@@ -1223,8 +1223,10 @@ static bool codec_decode_video(MaruBrillCodecState *s, int ctx_id, void *data_bu
 size = sizeof(len);
 memcpy(tempbuf + size, &got_picture, sizeof(got_picture));
 size += sizeof(got_picture);
- deserialize_video_data(avctx, &video);
- memcpy(tempbuf + size, &video, sizeof(struct video_data));
+ if (avctx) {
+ deserialize_video_data(avctx, &video);
+ memcpy(tempbuf + size, &video, sizeof(struct video_data));
+ }
 }
 maru_brill_codec_push_writequeue(s, tempbuf, tempbuf_size, ctx_id);
@@ -1236,8 +1238,8 @@ static bool codec_decode_video(MaruBrillCodecState *s, int ctx_id, void *data_bu
 static bool codec_picture_copy (MaruBrillCodecState *s, int ctx_id, void *elem)
 {
- AVCodecContext *avctx;
- AVPicture *src;
+ AVCodecContext *avctx = NULL;
+ AVPicture *src = NULL;
 AVPicture dst;
 uint8_t *out_buffer = NULL, *tempbuf = NULL;
 int pict_size = 0;
@@ -1474,7 +1476,7 @@ static bool codec_encode_video(MaruBrillCodecState *s, int ctx_id, void *data_bu
 } else {
 memcpy(tempbuf, &len, sizeof(len));
 size = sizeof(len);
- if (len) {
+ if (len && outbuf) {
 memcpy(tempbuf + size, outbuf, len);
 }
 }
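Review bot: When `avctx` is NULL in codec_decode_video, the new guard skips the copy of `video`, but `tempbuf` is still pushed with the full `tempbuf_size`, so the `struct video_data` slot reaches the guest with whatever the allocation held. The allocation is outside the hunk; if it is not a zeroing one, add `else { memset(tempbuf + size, 0, sizeof(struct video_data)); }` or fail the request before the response is built, so that host heap bytes are not disclosed to the guest. A short comment on how `avctx` can be NULL at this point would also help, since `len` and `got_picture` were presumably produced by a decode call on the same context.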
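Review bot: In codec_picture_copy, `AVPicture dst;` directly below the two pointers is still declared without an initialiser, so the declaration block only partly matches the commit's "initialize uninitialized variables"; a `memset(&dst, 0, sizeof(dst));` after the declarations would close that gap. The `= NULL` initialisers on `avctx` and `src` only turn an uninitialised read into a predictable NULL dereference unless every use is preceded by a check. The function body continues outside the hunk, so those checks should be confirmed there.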
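Review bot: In codec_encode_video, `len` has already been written into the response by `memcpy(tempbuf, &len, sizeof(len));` when the new `if (len && outbuf)` skips the payload, so a NULL `outbuf` yields a response that announces `len` bytes but carries unwritten buffer contents. The decision belongs before the header is written, for example `if (!outbuf) { len = 0; }` ahead of that memcpy, or on the error branch of the enclosing `if`, whose condition is outside the hunk. Any `tempbuf_size` computed from `len` earlier would need the same adjustment. The identical change in codec_encode_audio (hunk at -1549) has the same gap.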
@@ -1549,7 +1551,7 @@ static bool codec_encode_audio(MaruBrillCodecState *s, int ctx_id, void *data_bu
 } else {
 memcpy(tempbuf, &len, sizeof(len));
 size = sizeof(len);
- if (len) {
+ if (len && outbuf) {
 memcpy(tempbuf + size, outbuf, len);
 }
 }
--
2.7.4