Commit c7a76056 authored by Michael Niedermayer's avatar Michael Niedermayer

wmaprodec: Fix null pointer dereference in decode_frame()

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: 's avatarMichael Niedermayer <michaelni@gmx.at>
parent e9e207ec
...@@ -1581,7 +1581,8 @@ static int decode_packet(AVCodecContext *avctx, void *data, ...@@ -1581,7 +1581,8 @@ static int decode_packet(AVCodecContext *avctx, void *data,
(frame_size = show_bits(gb, s->log2_frame_size)) && (frame_size = show_bits(gb, s->log2_frame_size)) &&
frame_size <= remaining_bits(s, gb)) { frame_size <= remaining_bits(s, gb)) {
save_bits(s, gb, frame_size, 0); save_bits(s, gb, frame_size, 0);
s->packet_done = !decode_frame(s, data, got_frame_ptr); if (!s->packet_loss)
s->packet_done = !decode_frame(s, data, got_frame_ptr);
} else if (!s->len_prefix } else if (!s->len_prefix
&& s->num_saved_bits > get_bits_count(&s->gb)) { && s->num_saved_bits > get_bits_count(&s->gb)) {
/** when the frames do not have a length prefix, we don't know /** when the frames do not have a length prefix, we don't know
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment