shithub: libvpx

--- a/rate_hist.c

+++ b/rate_hist.c

@@ -37,8 +37,14 @@

 struct rate_hist *init_rate_histogram(const vpx_codec_enc_cfg_t *cfg,

                                       const vpx_rational_t *fps) {

   int i;

-  struct rate_hist *hist = malloc(sizeof(*hist));

+  struct rate_hist *hist = calloc(1, sizeof(*hist));

+  if (hist == NULL || cfg == NULL || fps == NULL || fps->num == 0 ||

+      fps->den == 0) {

+    destroy_rate_histogram(hist);

+    return NULL;

+  }

   // Determine the number of samples in the buffer. Use the file's framerate

   // to determine the number of frames in rc_buf_sz milliseconds, with an

   // adjustment (5/4) to account for alt-refs

@@ -80,7 +86,11 @@

                       (uint64_t)cfg->g_timebase.num /

                       (uint64_t)cfg->g_timebase.den;

-  int idx = hist->frames++ % hist->samples;

+  int idx;

+  if (hist == NULL || cfg == NULL || pkt == NULL) return;

+  idx = hist->frames++ % hist->samples;

   hist->pts[idx] = now;

   hist->sz[idx] = (int)pkt->data.frame.sz;

@@ -116,9 +126,14 @@

 static int merge_hist_buckets(struct hist_bucket *bucket, int max_buckets,

                               int *num_buckets) {

   int small_bucket = 0, merge_bucket = INT_MAX, big_bucket = 0;

-  int buckets = *num_buckets;

+  int buckets;

   int i;

+  assert(bucket != NULL);

+  assert(num_buckets != NULL);

+  buckets = *num_buckets;

   /* Find the extrema for this list of buckets */

   big_bucket = small_bucket = 0;

   for (i = 0; i < buckets; i++) {

@@ -181,6 +196,8 @@

   const char *pat1, *pat2;

   int i;

+  assert(bucket != NULL);

   switch ((int)(log(bucket[buckets - 1].high) / log(10)) + 1) {

     case 1:

     case 2:

@@ -258,6 +275,8 @@

                          int max_buckets) {

   int i, scale;

   int buckets = 0;

+  if (hist == NULL || cfg == NULL) return;

   for (i = 0; i < RATE_BINS; i++) {

     if (hist->bucket[i].low == INT_MAX) continue;