vc1dec: ensure cbpcy_vlc has been set before decoding a frame.
authorMichael Niedermayer <michaelni@gmx.at>
Sat, 12 Jan 2013 02:40:54 +0000 (03:40 +0100)
committerMichael Niedermayer <michaelni@gmx.at>
Sat, 12 Jan 2013 03:09:21 +0000 (04:09 +0100)
Fixes null pointer dereference

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
libavcodec/vc1dec.c

index fa25161..7be1c8c 100644 (file)
@@ -5711,6 +5711,10 @@ static int vc1_decode_frame(AVCodecContext *avctx, void *data,
                 av_log(v->s.avctx, AV_LOG_ERROR, "end mb y %d %d invalid\n", s->end_mb_y, s->start_mb_y);
                 continue;
             }
+            if (!v->p_frame_skipped && s->pict_type != AV_PICTURE_TYPE_I && !v->cbpcy_vlc) {
+                av_log(v->s.avctx, AV_LOG_ERROR, "missing cbpcy_vlc\n");
+                continue;
+            }
             ff_vc1_decode_blocks(v);
             if (i != n_slices)
                 s->gb = slices[i].gb;
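Review bot: The `continue` in the added `!v->cbpcy_vlc` guard also skips the `s->gb = slices[i].gb;` update at the bottom of the loop body, so the next slice iteration starts from whatever bit-reader state the rejected slice left behind. The existing `end mb y` guard just above has the same shape. The loop in vc1_decode_frame starts and ends outside the hunk, so it is not visible whether later iterations read `s->gb` before it is reassigned; this is something to confirm rather than a certain defect. If it does matter, the reader could be advanced before bailing out, e.g. `if (i != n_slices) s->gb = slices[i].gb;` ahead of the `continue`. The guard would also benefit from a one-line comment stating the invariant it enforces, such as `/* cbpcy_vlc must be set before ff_vc1_decode_blocks() for non-I, non-skipped pictures */`.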