asv1dec: check extradatasize before reading.
authorMichael Niedermayer <michaelni@gmx.at>
Sun, 22 Apr 2012 10:16:29 +0000 (12:16 +0200)
committerMichael Niedermayer <michaelni@gmx.at>
Sun, 22 Apr 2012 10:16:29 +0000 (12:16 +0200)
Fixes null ptr dereference

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
libavcodec/asv1.c

index c6e0c53..702a59e 100644 (file)
@@ -553,8 +553,7 @@ static av_cold int decode_init(AVCodecContext *avctx){
     ff_init_scantable(a->dsp.idct_permutation, &a->scantable, scantab);
     avctx->pix_fmt= PIX_FMT_YUV420P;
 
-    a->inv_qscale= avctx->extradata[0];
-    if(a->inv_qscale == 0){
+    if(avctx->extradata_size < 1 || (a->inv_qscale= avctx->extradata[0]) == 0){
         av_log(avctx, AV_LOG_ERROR, "illegal qscale 0\n");
         if(avctx->codec_id == CODEC_ID_ASV1)
             a->inv_qscale= 6;