[FFmpeg-cvslog] avcodec/vp7: Fix null pointer dereference in vp7_decode_frame_header()

[Michael Niedermayer]

ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Thu Mar 27 04:40:48 2014 +0100| [57e939d963800f8e6977d0238e6116c7d1b53315] | committer: Michael Niedermayer

avcodec/vp7: Fix null pointer dereference in vp7_decode_frame_header()

This simply copies the "interframe without a prior keyframe" check
thats done later into vp7_decode_frame_header()

Found-by: Vittorio Giovara <vittorio.giovara at gmail.com>
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=57e939d963800f8e6977d0238e6116c7d1b53315
---

 libavcodec/vp8.c |    7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/libavcodec/vp8.c b/libavcodec/vp8.c
index 0c2f503..45a19a0 100644
--- a/libavcodec/vp8.c
+++ b/libavcodec/vp8.c
@@ -521,6 +521,13 @@ static int vp7_decode_frame_header(VP8Context *s, const uint8_t *buf, int buf_si
         int alpha = (int8_t)vp8_rac_get_uint(c, 8);
         int beta  = (int8_t)vp8_rac_get_uint(c, 8);
         if (!s->keyframe && (alpha || beta)) {
+
+            if (!s->framep[VP56_FRAME_PREVIOUS] ||
+                !s->framep[VP56_FRAME_GOLDEN]) {
+                av_log(s->avctx, AV_LOG_WARNING, "Discarding interframe without a prior keyframe!\n");
+                return AVERROR_INVALIDDATA;
+            }
+
             /* preserve the golden frame */
             if (s->framep[VP56_FRAME_GOLDEN] == s->framep[VP56_FRAME_PREVIOUS]) {
                 AVFrame *gold = s->framep[VP56_FRAME_GOLDEN]->tf.f;