[FFmpeg-cvslog] indeo5: dont run the wavelet transform over partially decoded bands.
Michael Niedermayer
git at videolan.org
Tue Apr 17 20:28:40 CEST 2012
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Tue Apr 17 20:02:13 2012 +0200| [a66675268f63dd6794ce946c7edbcb8b49ae0f13] | committer: Michael Niedermayer
indeo5: dont run the wavelet transform over partially decoded bands.
This fixes a null pointer dereference.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a66675268f63dd6794ce946c7edbcb8b49ae0f13
---
libavcodec/indeo5.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/libavcodec/indeo5.c b/libavcodec/indeo5.c
index b35486b..5614e80 100644
--- a/libavcodec/indeo5.c
+++ b/libavcodec/indeo5.c
@@ -78,6 +78,7 @@ typedef struct {
IVIPicConfig pic_conf;
int gop_invalid;
+ int buf_invalid[3];
} IVI5DecContext;
@@ -797,6 +798,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size,
//{ START_TIMER;
if (ctx->frame_type != FRAMETYPE_NULL) {
+ ctx->buf_invalid[ctx->dst_buf] = 1;
for (p = 0; p < 3; p++) {
for (b = 0; b < ctx->planes[p].num_bands; b++) {
result = decode_band(ctx, p, &ctx->planes[p].bands[b], avctx);
@@ -807,7 +809,10 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size,
}
}
}
+ ctx->buf_invalid[ctx->dst_buf] = 0;
}
+ if (ctx->buf_invalid[ctx->dst_buf])
+ return -1;
//STOP_TIMER("decode_planes"); }
More information about the ffmpeg-cvslog
mailing list