[FFmpeg-cvslog] Fixed deference of NULL pointer in motionpixels decoder.
Laurent Aimar
git at videolan.org
Mon Mar 19 05:30:25 CET 2012
ffmpeg | branch: release/0.8 | Laurent Aimar <fenrir at videolan.org> | Sat Sep 10 13:28:13 2011 +0200| [619aab2f41b11f289411b542e3816f90a9209438] | committer: Reinhard Tartler
Fixed deference of NULL pointer in motionpixels decoder.
Some of the arguments given to init_vlc() come from the stream
and can be corrupted.
Signed-off-by: Janne Grunau <janne-libav at jannau.net>
(cherry picked from commit 69a0bce753a5d5556d5bc0888afe390e22611dd8)
Signed-off-by: Anton Khirnov <anton at khirnov.net>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=619aab2f41b11f289411b542e3816f90a9209438
---
libavcodec/motionpixels.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/libavcodec/motionpixels.c b/libavcodec/motionpixels.c
index ebc4b31..5455935 100644
--- a/libavcodec/motionpixels.c
+++ b/libavcodec/motionpixels.c
@@ -278,7 +278,8 @@ static int mp_decode_frame(AVCodecContext *avctx,
if (sz == 0)
goto end;
- init_vlc(&mp->vlc, mp->max_codes_bits, mp->codes_count, &mp->codes[0].size, sizeof(HuffCode), 1, &mp->codes[0].code, sizeof(HuffCode), 4, 0);
+ if (init_vlc(&mp->vlc, mp->max_codes_bits, mp->codes_count, &mp->codes[0].size, sizeof(HuffCode), 1, &mp->codes[0].code, sizeof(HuffCode), 4, 0))
+ goto end;
mp_decode_frame_helper(mp, &gb);
free_vlc(&mp->vlc);
More information about the ffmpeg-cvslog
mailing list