Commit bce2ed55 authored by Michael Niedermayer's avatar Michael Niedermayer

smvjpegdec: only extract picture when a picture has been decoded.

Fixes null pointer dereference

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: 's avatarMichael Niedermayer <michaelni@gmx.at>
parent 369684f1
...@@ -36,6 +36,7 @@ typedef struct SMVJpegDecodeContext { ...@@ -36,6 +36,7 @@ typedef struct SMVJpegDecodeContext {
AVFrame *picture[2]; /* pictures array */ AVFrame *picture[2]; /* pictures array */
AVCodecContext* avctx; AVCodecContext* avctx;
int frames_per_jpeg; int frames_per_jpeg;
int mjpeg_data_size;
} SMVJpegDecodeContext; } SMVJpegDecodeContext;
static inline void smv_img_pnt_plane(uint8_t **dst, uint8_t *src, static inline void smv_img_pnt_plane(uint8_t **dst, uint8_t *src,
...@@ -131,9 +132,10 @@ static int smvjpeg_decode_frame(AVCodecContext *avctx, void *data, int *data_siz ...@@ -131,9 +132,10 @@ static int smvjpeg_decode_frame(AVCodecContext *avctx, void *data, int *data_siz
/* Are we at the start of a block? */ /* Are we at the start of a block? */
if (!cur_frame) if (!cur_frame)
ret = avcodec_decode_video2(s->avctx, mjpeg_data, data_size, avpkt); ret = avcodec_decode_video2(s->avctx, mjpeg_data, &s->mjpeg_data_size, avpkt);
else /*use the last lot... */
*data_size = sizeof(AVPicture); /*use the last lot... */
*data_size = s->mjpeg_data_size;
avctx->pix_fmt = s->avctx->pix_fmt; avctx->pix_fmt = s->avctx->pix_fmt;
...@@ -142,6 +144,7 @@ static int smvjpeg_decode_frame(AVCodecContext *avctx, void *data, int *data_siz ...@@ -142,6 +144,7 @@ static int smvjpeg_decode_frame(AVCodecContext *avctx, void *data, int *data_siz
avcodec_set_dimensions(avctx, mjpeg_data->width, avcodec_set_dimensions(avctx, mjpeg_data->width,
mjpeg_data->height / s->frames_per_jpeg); mjpeg_data->height / s->frames_per_jpeg);
if (*data_size) {
s->picture[1]->extended_data = NULL; s->picture[1]->extended_data = NULL;
s->picture[1]->width = avctx->width; s->picture[1]->width = avctx->width;
s->picture[1]->height = avctx->height; s->picture[1]->height = avctx->height;
...@@ -153,6 +156,7 @@ static int smvjpeg_decode_frame(AVCodecContext *avctx, void *data, int *data_siz ...@@ -153,6 +156,7 @@ static int smvjpeg_decode_frame(AVCodecContext *avctx, void *data, int *data_siz
s->picture[1]->linesize[i] = mjpeg_data->linesize[i]; s->picture[1]->linesize[i] = mjpeg_data->linesize[i];
ret = av_frame_ref(data, s->picture[1]); ret = av_frame_ref(data, s->picture[1]);
}
return ret; return ret;
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment