[FFmpeg-cvslog] zmbv: Fix keyframe fault protextion.

Michael Niedermayer git at videolan.org
Sat Dec 3 04:50:41 CET 2011


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Sat Dec  3 04:42:36 2011 +0100| [3eb6e14618a935d44f6664a1a7da4f1c482e845a] | committer: Michael Niedermayer

zmbv: Fix keyframe fault protextion.
Fixes zzuf -s467 -r0.001 cat samples/zmbv/wc2_001-partial.avi

Bug-found-by: darkshikari
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3eb6e14618a935d44f6664a1a7da4f1c482e845a
---

 libavcodec/zmbv.c |   14 +++++++++-----
 1 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/libavcodec/zmbv.c b/libavcodec/zmbv.c
index 2694a4c..39549c9 100644
--- a/libavcodec/zmbv.c
+++ b/libavcodec/zmbv.c
@@ -415,6 +415,8 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac
     c->flags = buf[0];
     buf++; len--;
     if(c->flags & ZMBV_KEYFRAME) {
+        void *decode_intra = NULL;
+        c->decode_intra= NULL;
         hi_ver = buf[0];
         lo_ver = buf[1];
         c->comp = buf[2];
@@ -441,29 +443,28 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac
         switch(c->fmt) {
         case ZMBV_FMT_8BPP:
             c->bpp = 8;
-            c->decode_intra = zmbv_decode_intra;
+            decode_intra = zmbv_decode_intra;
             c->decode_xor = zmbv_decode_xor_8;
             break;
         case ZMBV_FMT_15BPP:
         case ZMBV_FMT_16BPP:
             c->bpp = 16;
-            c->decode_intra = zmbv_decode_intra;
+            decode_intra = zmbv_decode_intra;
             c->decode_xor = zmbv_decode_xor_16;
             break;
 #ifdef ZMBV_ENABLE_24BPP
         case ZMBV_FMT_24BPP:
             c->bpp = 24;
-            c->decode_intra = zmbv_decode_intra;
+            decode_intra = zmbv_decode_intra;
             c->decode_xor = zmbv_decode_xor_24;
             break;
 #endif //ZMBV_ENABLE_24BPP
         case ZMBV_FMT_32BPP:
             c->bpp = 32;
-            c->decode_intra = zmbv_decode_intra;
+            decode_intra = zmbv_decode_intra;
             c->decode_xor = zmbv_decode_xor_32;
             break;
         default:
-            c->decode_intra = NULL;
             c->decode_xor = NULL;
             av_log(avctx, AV_LOG_ERROR, "Unsupported (for now) format %i\n", c->fmt);
             return -1;
@@ -479,6 +480,9 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac
         c->prev = av_realloc(c->prev, avctx->width * avctx->height * (c->bpp / 8));
         c->bx = (c->width + c->bw - 1) / c->bw;
         c->by = (c->height+ c->bh - 1) / c->bh;
+        if(!c->cur || !c->prev)
+            return -1;
+        c->decode_intra= decode_intra;
     }
 
     if(c->decode_intra == NULL) {



More information about the ffmpeg-cvslog mailing list