Commit bb146bb5 authored by Michael Niedermayer's avatar Michael Niedermayer Committed by Luca Barbato

ogg: prevent NULL pointer deference in theora gptopts

Additional safety in case a special ogg stream is crafted
with the proper number of

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: 's avatarMichael Niedermayer <michaelni@gmx.at>
parent d1f05dd1
...@@ -131,8 +131,13 @@ theora_gptopts(AVFormatContext *ctx, int idx, uint64_t gp, int64_t *dts) ...@@ -131,8 +131,13 @@ theora_gptopts(AVFormatContext *ctx, int idx, uint64_t gp, int64_t *dts)
struct ogg *ogg = ctx->priv_data; struct ogg *ogg = ctx->priv_data;
struct ogg_stream *os = ogg->streams + idx; struct ogg_stream *os = ogg->streams + idx;
struct theora_params *thp = os->private; struct theora_params *thp = os->private;
uint64_t iframe = gp >> thp->gpshift; uint64_t iframe, pframe;
uint64_t pframe = gp & thp->gpmask;
if (!thp)
return AV_NOPTS_VALUE;
iframe = gp >> thp->gpshift;
pframe = gp & thp->gpmask;
if (thp->version < 0x030201) if (thp->version < 0x030201)
iframe++; iframe++;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment