Commit 57e939d9 authored by Michael Niedermayer's avatar Michael Niedermayer

avcodec/vp7: Fix null pointer dereference in vp7_decode_frame_header()

This simply copies the "interframe without a prior keyframe" check
that's done later into vp7_decode_frame_header()
Found-by: 's avatarVittorio Giovara <vittorio.giovara@gmail.com>
Signed-off-by: 's avatarMichael Niedermayer <michaelni@gmx.at>
parent d5c9843c
...@@ -521,6 +521,13 @@ static int vp7_decode_frame_header(VP8Context *s, const uint8_t *buf, int buf_si ...@@ -521,6 +521,13 @@ static int vp7_decode_frame_header(VP8Context *s, const uint8_t *buf, int buf_si
int alpha = (int8_t)vp8_rac_get_uint(c, 8); int alpha = (int8_t)vp8_rac_get_uint(c, 8);
int beta = (int8_t)vp8_rac_get_uint(c, 8); int beta = (int8_t)vp8_rac_get_uint(c, 8);
if (!s->keyframe && (alpha || beta)) { if (!s->keyframe && (alpha || beta)) {
if (!s->framep[VP56_FRAME_PREVIOUS] ||
!s->framep[VP56_FRAME_GOLDEN]) {
av_log(s->avctx, AV_LOG_WARNING, "Discarding interframe without a prior keyframe!\n");
return AVERROR_INVALIDDATA;
}
/* preserve the golden frame */ /* preserve the golden frame */
if (s->framep[VP56_FRAME_GOLDEN] == s->framep[VP56_FRAME_PREVIOUS]) { if (s->framep[VP56_FRAME_GOLDEN] == s->framep[VP56_FRAME_PREVIOUS]) {
AVFrame *gold = s->framep[VP56_FRAME_GOLDEN]->tf.f; AVFrame *gold = s->framep[VP56_FRAME_GOLDEN]->tf.f;
......
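Review bot: The added guard at the top of the `!s->keyframe && (alpha || beta)` branch is a second copy of the "interframe without a prior keyframe" check that the commit message says already runs later, and nothing in the code says why it is needed here as well. A short comment above it, such as `/* framep[] is dereferenced just below, before the later prior-keyframe check is reached */`, would keep a future cleanup from removing it as redundant and reopening the NULL dereference on streams that begin with an interframe. The early `return AVERROR_INVALIDDATA;` also leaves the header half parsed; the function begins and ends outside the hunk, so it is worth confirming that the caller relies on no context fields written before this point once the error is returned. The guard tests only the two `framep` slots, so `->tf.f` is presumably non-NULL whenever a slot is set, which the visible lines cannot confirm.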