From 6d81b0862963d5e527ea1b976a61829f086a1913 Mon Sep 17 00:00:00 2001
From: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Date: Sun, 20 Apr 2025 20:32:20 +0200
Subject: [PATCH 09/13] avcodec/webp: Check before allocations

Avoids freeing lateron.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
---
 libavcodec/webp.c | 25 ++++++++++++-------------
 1 file changed, 12 insertions(+), 13 deletions(-)

diff --git a/libavcodec/webp.c b/libavcodec/webp.c
index 2c918eac33..2843b953bd 100644
--- a/libavcodec/webp.c
+++ b/libavcodec/webp.c
@@ -341,30 +341,29 @@ static int read_huffman_code_normal(WebPContext *s, HuffReader *hc,
         len_counts[len]++;
     }
 
-    ret = huff_reader_build_canonical(&code_len_hc, code_length_code_lengths, len_counts,
-                                      NUM_CODE_LENGTH_CODES, s->avctx);
-    if (ret < 0)
-        return ret;
-
-    code_lengths = av_malloc(alphabet_size);
-    if (!code_lengths) {
-        ret = AVERROR(ENOMEM);
-        goto finish;
-    }
-
     if (get_bits1(&s->gb)) {
         int bits   = 2 + 2 * get_bits(&s->gb, 3);
         max_symbol = 2 + get_bits(&s->gb, bits);
         if (max_symbol > alphabet_size) {
             av_log(s->avctx, AV_LOG_ERROR, "max symbol %d > alphabet size %d\n",
                    max_symbol, alphabet_size);
-            ret = AVERROR_INVALIDDATA;
-            goto finish;
+            return AVERROR_INVALIDDATA;
         }
     } else {
         max_symbol = alphabet_size;
     }
 
+    ret = huff_reader_build_canonical(&code_len_hc, code_length_code_lengths, len_counts,
+                                      NUM_CODE_LENGTH_CODES, s->avctx);
+    if (ret < 0)
+        return ret;
+
+    code_lengths = av_malloc(alphabet_size);
+    if (!code_lengths) {
+        ret = AVERROR(ENOMEM);
+        goto finish;
+    }
+
     prev_code_len = 8;
     symbol        = 0;
     memset(len_counts, 0, sizeof(len_counts));
-- 
2.45.2