avcodec/rv34: fix crash while seeking on very damaged file
authorMichael Niedermayer <michaelni@gmx.at>
Fri, 11 Jul 2014 03:34:13 +0000 (05:34 +0200)
committerMichael Niedermayer <michaelni@gmx.at>
Fri, 11 Jul 2014 03:34:13 +0000 (05:34 +0200)
Fixes null pointer dereference
Fixes Ticket2093

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
libavcodec/rv34.c

index 873ec3c..d82b41e 100644 (file)
@@ -1685,7 +1685,7 @@ int ff_rv34_decode_frame(AVCodecContext *avctx,
 
     /* first slice */
     if (si.start == 0) {
 
     /* first slice */
     if (si.start == 0) {
-        if (s->mb_num_left > 0) {
+        if (s->mb_num_left > 0 && s->current_picture_ptr) {
             av_log(avctx, AV_LOG_ERROR, "New frame but still %d MB left.\n",
                    s->mb_num_left);
             ff_er_frame_end(&s->er);
             av_log(avctx, AV_LOG_ERROR, "New frame but still %d MB left.\n",
                    s->mb_num_left);
             ff_er_frame_end(&s->er);