avcodec/vp7: Fix null pointer dereference in vp7_decode_frame_header()

This simply copies the "interframe without a prior keyframe" check thats done later into vp7_decode_frame_header() Found-by: N Vittorio Giovara <vittorio.giovara@gmail.com> Signed-off-by: N Michael Niedermayer <michaelni@gmx.at>

avcodec/vp7: Fix null pointer dereference in vp7_decode_frame_header()
This simply copies the "interframe without a prior keyframe" check thats done later into vp7_decode_frame_header() Found-by: N Vittorio Giovara <vittorio.giovara@gmail.com> Signed-off-by: N Michael Niedermayer <michaelni@gmx.at>
57e939d9 · Michael Niedermayer · d5c9843c · 57e939d9
隐藏空白更改
内联并排

Showing with 7 addition and 0 deletion

libavcodec/vp8.c libavcodec/vp8.c +7 -0

未找到文件。
--- a/libavcodec/vp8.c
+++ b/libavcodec/vp8.c
@@ -521,6 +521,13 @@ static int vp7_decode_frame_header(VP8Context *s, const uint8_t *buf, int buf_si
        int alpha = (int8_t)vp8_rac_get_uint(c, 8);
        int beta  = (int8_t)vp8_rac_get_uint(c, 8);
        if (!s->keyframe && (alpha || beta)) {
+
+            if (!s->framep[VP56_FRAME_PREVIOUS] ||
+                !s->framep[VP56_FRAME_GOLDEN]) {
+                av_log(s->avctx, AV_LOG_WARNING, "Discarding interframe without a prior keyframe!\n");
+                return AVERROR_INVALIDDATA;
+            }
+
            /* preserve the golden frame */
            if (s->framep[VP56_FRAME_GOLDEN] == s->framep[VP56_FRAME_PREVIOUS]) {
                AVFrame *gold = s->framep[VP56_FRAME_GOLDEN]->tf.f;