Fixed deference of NULL pointer in motionpixels decoder.

Some of the arguments given to init_vlc() come from the stream and can be corrupted. Signed-off-by: Janne Grunau <janne-libav@jannau.net> (cherry picked from commit 69a0bce753a5d5556d5bc0888afe390e22611dd8) Signed-off-by: Anton Khirnov <anton@khirnov.net>
author: Laurent Aimar <fenrir@videolan.org> 2011-09-10 13:28:13 +0200
committer: Reinhard Tartler <siretart@tauware.de> 2012-03-18 17:50:30 +0100
commit: 619aab2f41b11f289411b542e3816f90a9209438 (patch)
tree: 0b3838f0a220e8c3b5c8f2ec28041819be04dc3e
parent: 8099d77ca4e7f1afb3315eae0cf3777644238a96 (diff)
download: ffmpeg-619aab2f41b11f289411b542e3816f90a9209438.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/libavcodec/motionpixels.c b/libavcodec/motionpixels.c
index ebc4b31201..54559350b8 100644
--- a/libavcodec/motionpixels.c
+++ b/libavcodec/motionpixels.c
@@ -278,7 +278,8 @@ static int mp_decode_frame(AVCodecContext *avctx,
     if (sz == 0)
         goto end;
 
-    init_vlc(&mp->vlc, mp->max_codes_bits, mp->codes_count, &mp->codes[0].size, sizeof(HuffCode), 1, &mp->codes[0].code, sizeof(HuffCode), 4, 0);
+    if (init_vlc(&mp->vlc, mp->max_codes_bits, mp->codes_count, &mp->codes[0].size, sizeof(HuffCode), 1, &mp->codes[0].code, sizeof(HuffCode), 4, 0))
+        goto end;
     mp_decode_frame_helper(mp, &gb);
     free_vlc(&mp->vlc);
author	Laurent Aimar <fenrir@videolan.org>	2011-09-10 13:28:13 +0200
committer	Reinhard Tartler <siretart@tauware.de>	2012-03-18 17:50:30 +0100
commit	619aab2f41b11f289411b542e3816f90a9209438 (patch)
tree	0b3838f0a220e8c3b5c8f2ec28041819be04dc3e
parent	8099d77ca4e7f1afb3315eae0cf3777644238a96 (diff)
download	ffmpeg-619aab2f41b11f289411b542e3816f90a9209438.tar.gz