[FFmpeg-cvslog] Fixed deference of NULL pointer in motionpixels decoder.

Laurent Aimar git at videolan.org
Fri Oct 7 03:49:15 CEST 2011


ffmpeg | branch: master | Laurent Aimar <fenrir at videolan.org> | Sat Sep 10 13:28:13 2011 +0200| [69a0bce753a5d5556d5bc0888afe390e22611dd8] | committer: Janne Grunau

Fixed deference of NULL pointer in motionpixels decoder.

Some of the arguments given to init_vlc() come from the stream
and can be corrupted.

Signed-off-by: Janne Grunau <janne-libav at jannau.net>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=69a0bce753a5d5556d5bc0888afe390e22611dd8
---

 libavcodec/motionpixels.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/libavcodec/motionpixels.c b/libavcodec/motionpixels.c
index 21e1bda..9589b4c 100644
--- a/libavcodec/motionpixels.c
+++ b/libavcodec/motionpixels.c
@@ -278,7 +278,8 @@ static int mp_decode_frame(AVCodecContext *avctx,
     if (sz == 0)
         goto end;
 
-    init_vlc(&mp->vlc, mp->max_codes_bits, mp->codes_count, &mp->codes[0].size, sizeof(HuffCode), 1, &mp->codes[0].code, sizeof(HuffCode), 4, 0);
+    if (init_vlc(&mp->vlc, mp->max_codes_bits, mp->codes_count, &mp->codes[0].size, sizeof(HuffCode), 1, &mp->codes[0].code, sizeof(HuffCode), 4, 0))
+        goto end;
     mp_decode_frame_helper(mp, &gb);
     free_vlc(&mp->vlc);
 



More information about the ffmpeg-cvslog mailing list