avcodec/vp7: Fix null pointer dereference in vp7_decode_frame_header()

This simply copies the "interframe without a prior keyframe" check
thats done later into vp7_decode_frame_header()

Found-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

1 files changed, 7 insertions, 0 deletions

diff --git a/libavcodec/vp8.c b/libavcodec/vp8.c
index 0c2f503ac6..45a19a04e4 100644
--- a/libavcodec/vp8.c
+++ b/libavcodec/vp8.c
@@ -521,6 +521,13 @@ static int vp7_decode_frame_header(VP8Context *s, const uint8_t *buf, int buf_si
         int alpha = (int8_t)vp8_rac_get_uint(c, 8);
         int beta  = (int8_t)vp8_rac_get_uint(c, 8);
         if (!s->keyframe && (alpha || beta)) {
+
+            if (!s->framep[VP56_FRAME_PREVIOUS] ||
+                !s->framep[VP56_FRAME_GOLDEN]) {
+                av_log(s->avctx, AV_LOG_WARNING, "Discarding interframe without a prior keyframe!\n");
+                return AVERROR_INVALIDDATA;
+            }
+
             /* preserve the golden frame */
             if (s->framep[VP56_FRAME_GOLDEN] == s->framep[VP56_FRAME_PREVIOUS]) {
                 AVFrame *gold = s->framep[VP56_FRAME_GOLDEN]->tf.f;