[FFmpeg-cvslog] Prevent NULL dereferences when the previous frame is missing in vmd video decoder .

Laurent Aimar git at videolan.org
Sun Sep 25 00:24:09 CEST 2011


ffmpeg | branch: master | Laurent Aimar <fenrir at videolan.org> | Sat Sep 24 23:16:19 2011 +0200| [6a6383bebcb03a785797007031ad1c9786a508a5] | committer: Michael Niedermayer

Prevent NULL dereferences when the previous frame is missing in vmd video decoder.

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6a6383bebcb03a785797007031ad1c9786a508a5
---

 libavcodec/vmdav.c |    9 +++++----
 1 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/libavcodec/vmdav.c b/libavcodec/vmdav.c
index 202cbc4..c335145 100644
--- a/libavcodec/vmdav.c
+++ b/libavcodec/vmdav.c
@@ -226,8 +226,9 @@ static void vmd_decode(VmdVideoContext *s)
 
     /* if only a certain region will be updated, copy the entire previous
      * frame before the decode */
-    if (frame_x || frame_y || (frame_width != s->avctx->width) ||
-        (frame_height != s->avctx->height)) {
+    if (s->prev_frame.data[0] &&
+        (frame_x || frame_y || (frame_width != s->avctx->width) ||
+        (frame_height != s->avctx->height))) {
 
         memcpy(s->frame.data[0], s->prev_frame.data[0],
             s->avctx->height * s->frame.linesize[0]);
@@ -272,7 +273,7 @@ static void vmd_decode(VmdVideoContext *s)
                         ofs += len;
                     } else {
                         /* interframe pixel copy */
-                        if (ofs + len + 1 > frame_width)
+                        if (ofs + len + 1 > frame_width || !s->prev_frame.data[0])
                             return;
                         memcpy(&dp[ofs], &pp[ofs], len + 1);
                         ofs += len + 1;
@@ -312,7 +313,7 @@ static void vmd_decode(VmdVideoContext *s)
                         ofs += len;
                     } else {
                         /* interframe pixel copy */
-                        if (ofs + len + 1 > frame_width)
+                        if (ofs + len + 1 > frame_width || !s->prev_frame.data[0])
                             return;
                         memcpy(&dp[ofs], &pp[ofs], len + 1);
                         ofs += len + 1;



More information about the ffmpeg-cvslog mailing list