From 52a44d50beb2ecf77213c9445649dcfd7ef44e92 Mon Sep 17 00:00:00 2001
From: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Date: Fri, 24 Nov 2017 18:21:57 +0000
Subject: [PATCH] h264_picture: Actually return error during alloc failure

Fixes NULL dereference during alloc failure.

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
---
 libavcodec/h264_picture.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/libavcodec/h264_picture.c b/libavcodec/h264_picture.c
index e7dd84bc47..e833835a77 100644
--- a/libavcodec/h264_picture.c
+++ b/libavcodec/h264_picture.c
@@ -78,24 +78,30 @@ int ff_h264_ref_picture(H264Context *h, H264Picture *dst, H264Picture *src)
 
     dst->qscale_table_buf = av_buffer_ref(src->qscale_table_buf);
     dst->mb_type_buf      = av_buffer_ref(src->mb_type_buf);
-    if (!dst->qscale_table_buf || !dst->mb_type_buf)
+    if (!dst->qscale_table_buf || !dst->mb_type_buf) {
+        ret = AVERROR(ENOMEM);
         goto fail;
+    }
     dst->qscale_table = src->qscale_table;
     dst->mb_type      = src->mb_type;
 
     for (i = 0; i < 2; i++) {
         dst->motion_val_buf[i] = av_buffer_ref(src->motion_val_buf[i]);
         dst->ref_index_buf[i]  = av_buffer_ref(src->ref_index_buf[i]);
-        if (!dst->motion_val_buf[i] || !dst->ref_index_buf[i])
+        if (!dst->motion_val_buf[i] || !dst->ref_index_buf[i]) {
+            ret = AVERROR(ENOMEM);
             goto fail;
+        }
         dst->motion_val[i] = src->motion_val[i];
         dst->ref_index[i]  = src->ref_index[i];
     }
 
     if (src->hwaccel_picture_private) {
         dst->hwaccel_priv_buf = av_buffer_ref(src->hwaccel_priv_buf);
-        if (!dst->hwaccel_priv_buf)
+        if (!dst->hwaccel_priv_buf) {
+            ret = AVERROR(ENOMEM);
             goto fail;
+        }
         dst->hwaccel_picture_private = dst->hwaccel_priv_buf->data;
     }
 
-- 
GitLab