iff_ilbm: fix null ptr deref
authorMichael Niedermayer <michaelni@gmx.at>
Mon, 28 May 2012 15:13:10 +0000 (17:13 +0200)
committerMichael Niedermayer <michaelni@gmx.at>
Sat, 9 Jun 2012 19:06:35 +0000 (21:06 +0200)
Fixes Ticket1362

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 849d4b041351ef8d77c4231cf417f997e79f9ab7)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
libavcodec/iff.c

index 195ef10..9e74365 100644 (file)
@@ -176,7 +176,13 @@ static int extract_header(AVCodecContext *const avctx,
     const uint8_t *buf;
     unsigned buf_size;
     IffContext *s = avctx->priv_data;
-    int palette_size = avctx->extradata_size - AV_RB16(avctx->extradata);
+    int palette_size;
+
+    if (avctx->extradata_size < 2) {
+        av_log(avctx, AV_LOG_ERROR, "not enough extradata\n");
+        return AVERROR_INVALIDDATA;
+    }
+    palette_size = avctx->extradata_size - AV_RB16(avctx->extradata);
 
     if (avpkt) {
         int image_size;
@@ -192,8 +198,6 @@ static int extract_header(AVCodecContext *const avctx,
             return AVERROR_INVALIDDATA;
         }
     } else {
-        if (avctx->extradata_size < 2)
-            return AVERROR_INVALIDDATA;
         buf = avctx->extradata;
         buf_size = bytestream_get_be16(&buf);
         if (buf_size <= 1 || palette_size < 0) {