Commit 4bde1a4a authored by Michael Niedermayer

avcodec/mpegvideo: Fix null pointer dereference of picture array

Fixes: 0d0a2bace067d09c08f0fa5340496c23_signal_sigsegv_7ffff713351a_342_WobblyWindowsIntro.avi with memlimit of 67108864

Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
parent 503ec713
...@@ -524,7 +524,7 @@ int ff_mpeg_update_thread_context(AVCodecContext *dst, ...@@ -524,7 +524,7 @@ int ff_mpeg_update_thread_context(AVCodecContext *dst,
if(s->picture) if(s->picture)
for (i = 0; i < MAX_PICTURE_COUNT; i++) { for (i = 0; i < MAX_PICTURE_COUNT; i++) {
ff_mpeg_unref_picture(s->avctx, &s->picture[i]); ff_mpeg_unref_picture(s->avctx, &s->picture[i]);
if (s1->picture[i].f->buf[0] && if (s1->picture && s1->picture[i].f->buf[0] &&
(ret = ff_mpeg_ref_picture(s->avctx, &s->picture[i], &s1->picture[i])) < 0) (ret = ff_mpeg_ref_picture(s->avctx, &s->picture[i], &s1->picture[i])) < 0)
return ret; return ret;
} }
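Review bot: The new `s1->picture &&` test in the `if` inside the loop covers only the array pointer; the same expression still dereferences `s1->picture[i].f` unchecked in `s1->picture[i].f->buf[0]`. Since the crash was reproduced under a memory limit, it is worth confirming that `f` cannot be NULL for any entry whenever `s1->picture` itself is non-NULL, or adding `s1->picture[i].f &&` to the condition. The test is also loop-invariant, and when it fails the loop still unreferences every `s->picture[i]` and carries on with no error returned; a short comment stating when the source context can lack a picture array, and that leaving the destination's pictures empty is intended in that case, would make this easier to maintain.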