avcodec/wmalosslessdec: Fix null pointer dereference in decode_frame()
authorMichael Niedermayer <michael@niedermayer.cc>
Sun, 25 Mar 2018 00:51:28 +0000 (01:51 +0100)
committerMichael Niedermayer <michael@niedermayer.cc>
Mon, 9 Jul 2018 23:18:52 +0000 (01:18 +0200)
Fixes: 2018_03_23_poc.wav
Found-by: GwanYeong Kim <gy741.kim@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ea15915b2dc5aaa80c91879fbd183475a7e66e54)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/wmalosslessdec.c

index 7e2d5da..5d82f0e 100644 (file)
@@ -1238,7 +1238,9 @@ static int decode_packet(AVCodecContext *avctx, void *data, int *got_frame_ptr,
             (frame_size = show_bits(gb, s->log2_frame_size)) &&
             frame_size <= remaining_bits(s, gb)) {
             save_bits(s, gb, frame_size, 0);
-            s->packet_done = !decode_frame(s);
+
+            if (!s->packet_loss)
+                s->packet_done = !decode_frame(s);
         } else if (!s->len_prefix
                    && s->num_saved_bits > get_bits_count(&s->gb)) {
             /* when the frames do not have a length prefix, we don't know the