avcodec/alac: Clear pointers in allocate_buffers()
authorMichael Niedermayer <michael@niedermayer.cc>
Mon, 13 Jul 2015 11:46:10 +0000 (13:46 +0200)
committerMike Gabriel <sunweaver@debian.org>
Sat, 31 Aug 2019 15:36:55 +0000 (16:36 +0100)
avcodec/alac: Clear pointers in allocate_buffers()

Fixes: 06a4edb39ad8a9883175f9bd428334a2_signal_sigsegv_7ffff713351a_706_mov__alac__ALAC_6ch.mov
Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Gbp-Pq: Name CVE-2015-6823.patch

libavcodec/alac.c

index 0d25adc71e01bb34de973f35c418c2464fcfab17..eaf7bf603a01f58e3569b10aa5db9fd985ebaa3e 100644 (file)
@@ -482,6 +482,12 @@ static int allocate_buffers(ALACContext *alac)
     int ch;
     int buf_size = alac->max_samples_per_frame * sizeof(int32_t);
 
+    for (ch = 0; ch < 2; ch++) {
+        alac->predict_error_buffer[ch]  = NULL;
+        alac->output_samples_buffer[ch] = NULL;
+        alac->extra_bits_buffer[ch]     = NULL;
+    }
+
     for (ch = 0; ch < FFMIN(alac->channels, 2); ch++) {
         FF_ALLOC_OR_GOTO(alac->avctx, alac->predict_error_buffer[ch],
                          buf_size, buf_alloc_fail);
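Review bot: The added clearing loop at the top of allocate_buffers() has no comment explaining why it covers both slots while the allocation loop right below stops at `FFMIN(alac->channels, 2)`; someone could later "tidy" the two bounds to match and bring the crash back. I would put `/* clear every slot, not only those allocated below, so cleanup never frees a stale pointer */` above it. That wording assumes the `buf_alloc_fail` path or the decoder's close function frees all entries, which is not visible in this hunk, so confirm it first. The literal `2` could also be written `FF_ARRAY_ELEMS(alac->predict_error_buffer)` so the bound follows the array declaration if it ever changes. allocate_buffers() continues past the end of this hunk, so the failure path itself is not reviewed here.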