avutil/frame: Copy size=0 side data in ff_init_buffer_info()

Fixes null pointer dereference Fixes: 189/FOO Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2016-11-16 20:32:26 +0100
committer: Michael Niedermayer <michael@niedermayer.cc> 2016-11-16 21:25:45 +0100
commit: 2acee08a4a53b6c8f5fc160e6d6da92f77208a06 (patch)
tree: 62718803ee942607ff738b0df24bd4289062c486
parent: 3c0328d58d98664b05efdd377d3fe66a569d385e (diff)
download: ffmpeg-2acee08a4a53b6c8f5fc160e6d6da92f77208a06.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/libavutil/frame.c b/libavutil/frame.c
index 53e6174223..9050946c48 100644
--- a/libavutil/frame.c
+++ b/libavutil/frame.c
@@ -349,6 +349,7 @@ FF_ENABLE_DEPRECATION_WARNINGS
                 wipe_side_data(dst);
                 return AVERROR(ENOMEM);
             }
+            if (sd_src->buf) {
             sd_dst->buf = av_buffer_ref(sd_src->buf);
             if (!sd_dst->buf) {
                 wipe_side_data(dst);
@@ -356,6 +357,7 @@ FF_ENABLE_DEPRECATION_WARNINGS
             }
             sd_dst->data = sd_dst->buf->data;
             sd_dst->size = sd_dst->buf->size;
+            }
         }
         av_dict_copy(&sd_dst->metadata, sd_src->metadata, 0);
     }
author	Michael Niedermayer <michael@niedermayer.cc>	2016-11-16 20:32:26 +0100
committer	Michael Niedermayer <michael@niedermayer.cc>	2016-11-16 21:25:45 +0100
commit	2acee08a4a53b6c8f5fc160e6d6da92f77208a06 (patch)
tree	62718803ee942607ff738b0df24bd4289062c486
parent	3c0328d58d98664b05efdd377d3fe66a569d385e (diff)
download	ffmpeg-2acee08a4a53b6c8f5fc160e6d6da92f77208a06.tar.gz