Clear cm->width and cm->height on alloc failure.

resize_context_buffers may call av1_alloc_context_buffers only if
cm->width != width or cm->height != height. If av1_alloc_context_buffers
fails, it has already cleared the cm->mi_* values and freed any existing
context buffers. So resize_context_buffers should also clear cm->width
and cm->height to be consistent. This will cause resize_context_buffers
to call av1_alloc_context_buffers next time.

BUG=oss-fuzz:9354
Change-Id: If81622028c71b5f1827a07c22794d0aea48debd6
diff --git a/av1/decoder/decodeframe.c b/av1/decoder/decodeframe.c
index b4e5bfc..73f7049 100644
--- a/av1/decoder/decodeframe.c
+++ b/av1/decoder/decodeframe.c
@@ -2055,9 +2055,15 @@
// Allocations in av1_alloc_context_buffers() depend on individual
// dimensions as well as the overall size.
if (new_mi_cols > cm->mi_cols || new_mi_rows > cm->mi_rows) {
- if (av1_alloc_context_buffers(cm, width, height))
+ if (av1_alloc_context_buffers(cm, width, height)) {
+ // The cm->mi_* values have been cleared and any existing context
+ // buffers have been freed. Clear cm->width and cm->height to be
+ // consistent and to force a realloc next time.
+ cm->width = 0;
+ cm->height = 0;
aom_internal_error(&cm->error, AOM_CODEC_MEM_ERROR,
"Failed to allocate context buffers");
+ }
} else {
av1_set_mb_mi(cm, width, height);
}
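Review bot: The new comment in the failure branch of `if (av1_alloc_context_buffers(cm, width, height))` relies on a callee-side guarantee (that cm->mi_* is cleared and the context buffers are freed on failure) which nothing in this hunk enforces. If that cleanup ever changes, the caller will zero cm->width and cm->height while stale mi_* values or buffers remain. Consider stating the guarantee in the contract of av1_alloc_context_buffers, or moving the reset of cm->width and cm->height into its failure path so the dimensions and the buffers are invalidated in one place. The two assignments are correctly placed before `aom_internal_error(&cm->error, AOM_CODEC_MEM_ERROR,` since that call can leave the function through the error handler without returning; a short remark to that effect in the comment would keep a later edit from reordering them. The commit message references oss-fuzz:9354, but the visible change carries no regression test; a test that forces the allocation to fail and then decodes another frame at the same dimensions would cover the path this fix depends on.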