Module: libav Branch: master Commit: 69a0bce753a5d5556d5bc0888afe390e22611dd8
Author: Laurent Aimar <[email protected]> Committer: Janne Grunau <[email protected]> Date: Sat Sep 10 13:28:13 2011 +0200 Fixed deference of NULL pointer in motionpixels decoder. Some of the arguments given to init_vlc() come from the stream and can be corrupted. Signed-off-by: Janne Grunau <[email protected]> --- libavcodec/motionpixels.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/libavcodec/motionpixels.c b/libavcodec/motionpixels.c index 21e1bda..9589b4c 100644 --- a/libavcodec/motionpixels.c +++ b/libavcodec/motionpixels.c @@ -278,7 +278,8 @@ static int mp_decode_frame(AVCodecContext *avctx, if (sz == 0) goto end; - init_vlc(&mp->vlc, mp->max_codes_bits, mp->codes_count, &mp->codes[0].size, sizeof(HuffCode), 1, &mp->codes[0].code, sizeof(HuffCode), 4, 0); + if (init_vlc(&mp->vlc, mp->max_codes_bits, mp->codes_count, &mp->codes[0].size, sizeof(HuffCode), 1, &mp->codes[0].code, sizeof(HuffCode), 4, 0)) + goto end; mp_decode_frame_helper(mp, &gb); free_vlc(&mp->vlc); _______________________________________________ libav-commits mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-commits
