Don't leave dangling pointers in webm_ctx->buffer. Maintain the invariant that webm_ctx->buffer is equal to the *buffer argument of webm_read_frame(). Change-Id: I25af444c153e9fc8568f877bba49954e4723ab22
diff --git a/webmdec.cc b/webmdec.cc
index d0e576b..27cfb23 100644
--- a/webmdec.cc
+++ b/webmdec.cc
@@ -11,6 +11,7 @@
 #include "./webmdec.h"
+#include <cassert>
 #include <cstring>
 #include <cstdio>
@@ -119,6 +120,7 @@
 int webm_read_frame(struct WebmInputContext *webm_ctx, uint8_t **buffer, size_t *bytes_read, size_t *buffer_size) {
+ assert(webm_ctx->buffer == *buffer);
 // This check is needed for frame parallel decoding, in which case this
 // function could be called even after it has reached end of input stream.
 if (webm_ctx->reached_eos) {
@@ -180,10 +182,10 @@
 if (frame.len > static_cast<long>(*buffer_size)) {
 delete[] * buffer;
 *buffer = new uint8_t[frame.len];
+ webm_ctx->buffer = *buffer;
 if (*buffer == NULL) {
 return -1;
 }
- webm_ctx->buffer = *buffer;
 *buffer_size = frame.len;
 }
 *bytes_read = frame.len;
@@ -201,6 +203,7 @@
 uint8_t *buffer = NULL;
 size_t buffer_size = 0;
 size_t bytes_read = 0;
+ assert(webm_ctx->buffer == NULL);
 while (webm_ctx->timestamp_ns < 1000000000 && i < 50) {
 if (webm_read_frame(webm_ctx, &buffer, &bytes_read, &buffer_size)) {
 break;
@@ -211,6 +214,7 @@
 aom_ctx->framerate.denominator = static_cast<int>(webm_ctx->timestamp_ns / 1000);
 delete[] buffer;
+ webm_ctx->buffer = NULL;
 get_first_cluster(webm_ctx);
 webm_ctx->block = NULL;
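Review bot: The `assert(webm_ctx->buffer == *buffer);` added at the top of webm_read_frame() in the hunk at -119 (and the matching `assert(webm_ctx->buffer == NULL);` in the hunk at -201) is the only enforcement of the aliasing invariant, and `assert` compiles away under NDEBUG, so release builds get no check at all. Because a violated invariant here means a freed or foreign pointer stays reachable through the context, the contract should also be written down where callers will read it, for example `// Precondition: *buffer is the pointer last stored in webm_ctx->buffer (NULL before the first call).` above the assert, plus a line stating that the caller owns the buffer and must reset `webm_ctx->buffer` after `delete[]`. The body of webm_read_frame() continues outside the hunk.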
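Review bot: In the reallocation branch of the hunk at -180, `delete[] * buffer` runs before `new uint8_t[frame.len]`, and a plain `new[]` reports failure by throwing std::bad_alloc rather than returning NULL, so the `if (*buffer == NULL)` path is probably unreachable and a failed allocation would leave both `*buffer` and `webm_ctx->buffer` pointing at freed memory, which is the state this commit sets out to remove. Even if the build is configured so that `new` returns NULL, `*buffer_size` keeps the old capacity next to a NULL buffer on the `return -1` path. I would clear both pointers and the size right after the delete and allocate with `new (std::nothrow)` (this needs `<new>`, which the diff does not add), as sketched below. Separately, `frame.len` is compared as a `long`; if it can be negative it skips this branch and is stored into `*bytes_read` unchecked, which is worth confirming against the code outside the hunk. The enclosing function starts and ends outside this hunk.

```cpp
if (frame.len > static_cast<long>(*buffer_size)) {
  delete[] *buffer;
  // Drop both aliases and the recorded capacity before allocating, so no
  // failure path can leave a freed pointer or a stale size behind.
  *buffer = NULL;
  webm_ctx->buffer = NULL;
  *buffer_size = 0;
  *buffer = new (std::nothrow) uint8_t[frame.len];
  webm_ctx->buffer = *buffer;
  if (*buffer == NULL) {
    return -1;
  }
  *buffer_size = frame.len;
}
// … unchanged: *bytes_read = frame.len; …
```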