From 5c71166dffb49510092bf87f271b6ea590acd1f1 Mon Sep 17 00:00:00 2001
From: magjed
Date: Fri, 2 Dec 2016 02:46:18 -0800
Subject: [PATCH] VP8DecoderImpl: Fix uninitialized memory crash
It is not safe to call vpx_codec_destroy if vpx_codec_dec_init failed, because the |decoder_| memory will be uninitialized. See the bug for more info.
BUG=chromium:663293
Review-Url: https://codereview.webrtc.org/2541163007
Cr-Commit-Position: refs/heads/master@{#15381}
---
 webrtc/modules/video_coding/codecs/vp8/vp8_impl.cc | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/webrtc/modules/video_coding/codecs/vp8/vp8_impl.cc b/webrtc/modules/video_coding/codecs/vp8/vp8_impl.cc
index 9fd5f6587a..df0e40929f 100644
--- a/webrtc/modules/video_coding/codecs/vp8/vp8_impl.cc
+++ b/webrtc/modules/video_coding/codecs/vp8/vp8_impl.cc
@@ -1022,6 +1022,7 @@ int VP8DecoderImpl::InitDecode(const VideoCodec* inst, int number_of_cores) {
 }
 if (decoder_ == NULL) {
 decoder_ = new vpx_codec_ctx_t;
+ memset(decoder_, 0, sizeof(*decoder_));
 }
 if (inst && inst->codecType == kVideoCodecVP8) {
 feedback_mode_ = inst->VP8().feedbackModeOn;
@@ -1038,6 +1039,8 @@ int VP8DecoderImpl::InitDecode(const VideoCodec* inst, int number_of_cores) {
 #endif
 if (vpx_codec_dec_init(decoder_, vpx_codec_vp8_dx(), &cfg, flags)) {
+ delete decoder_;
+ decoder_ = nullptr;
 return WEBRTC_VIDEO_CODEC_MEMORY;
 }
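Review bot: The `memset` added after `decoder_ = new vpx_codec_ctx_t;` has no comment saying which path relies on the zeroed context, and the second hunk already frees and nulls `decoder_` when `vpx_codec_dec_init` fails. If the zeroing is a safety net for other returns between the allocation and a successful init (none are visible, since InitDecode continues outside the hunk), a comment would record that, for example `// Zero the context so teardown never reads uninitialized fields if init does not complete.` Value-initializing with `decoder_ = new vpx_codec_ctx_t();` would presumably give the same zeroed struct in one statement, assuming vpx_codec_ctx_t is a plain C struct.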
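Review bot: The new failure branch frees `decoder_` with a plain `delete` and no `vpx_codec_destroy`, which is deliberate according to the commit message but reads like a missing cleanup call. A comment such as `// Init failed: the context was never set up, so free it without vpx_codec_destroy.` would stop a later change from adding the call back. The branch also writes `nullptr` while the check in the first hunk compares against `NULL`; one spelling throughout the function would be tidier. Whether members set earlier in InitDecode need resetting on this path cannot be judged here, because the function starts and ends outside the hunk.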