[FFmpeg-cvslog] avcodec/wmalosslessdec: Fix null pointer dereference in decode_frame()

Michael Niedermayer git at videolan.org
Tue Jul 10 12:04:12 EEST 2018


ffmpeg | branch: release/2.8 | Michael Niedermayer <michael at niedermayer.cc> | Sun Mar 25 01:51:28 2018 +0100| [367d459f78c1cecce1d1a8e5bbe6a8b908de3e2f] | committer: Michael Niedermayer

avcodec/wmalosslessdec: Fix null pointer dereference in decode_frame()

Fixes: 2018_03_23_poc.wav
Found-by: GwanYeong Kim <gy741.kim at gmail.com>

Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ea15915b2dc5aaa80c91879fbd183475a7e66e54)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=367d459f78c1cecce1d1a8e5bbe6a8b908de3e2f
---

 libavcodec/wmalosslessdec.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libavcodec/wmalosslessdec.c b/libavcodec/wmalosslessdec.c
index 7e2d5da4bf..5d82f0e74c 100644
--- a/libavcodec/wmalosslessdec.c
+++ b/libavcodec/wmalosslessdec.c
@@ -1238,7 +1238,9 @@ static int decode_packet(AVCodecContext *avctx, void *data, int *got_frame_ptr,
             (frame_size = show_bits(gb, s->log2_frame_size)) &&
             frame_size <= remaining_bits(s, gb)) {
             save_bits(s, gb, frame_size, 0);
-            s->packet_done = !decode_frame(s);
+
+            if (!s->packet_loss)
+                s->packet_done = !decode_frame(s);
         } else if (!s->len_prefix
                    && s->num_saved_bits > get_bits_count(&s->gb)) {
             /* when the frames do not have a length prefix, we don't know the



More information about the ffmpeg-cvslog mailing list