aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJanne Grunau <janne-libav@jannau.net>2012-01-23 21:33:34 +0100
committerReinhard Tartler <siretart@tauware.de>2013-01-04 07:43:37 +0100
commit8148833193c6773b3db9b1759e62c2295d487ec7 (patch)
treed72c65f496463d16a3207ee70eb2c4cfb185f9e2
parent3c0f84402b2b12a9982e59d584768a3a5ef454f5 (diff)
downloadffmpeg-8148833193c6773b3db9b1759e62c2295d487ec7.tar.gz
indeo5: prevent null pointer dereference on broken files
Found by John Villamil <johnv@matasano.com> (cherry picked from commit 366ac22ea5a8bab63c7f46cdad2ddb2ff22cdbed) Signed-off-by: Reinhard Tartler <siretart@tauware.de>
-rw-r--r--libavcodec/indeo5.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/libavcodec/indeo5.c b/libavcodec/indeo5.c
index ba1bc18eff..c3f73ea1f5 100644
--- a/libavcodec/indeo5.c
+++ b/libavcodec/indeo5.c
@@ -453,6 +453,10 @@ static int decode_mb_info(IVI5DecContext *ctx, IVIBandDesc *band,
ref_mb = tile->ref_mbs;
offs = tile->ypos * band->pitch + tile->xpos;
+ if (!ref_mb &&
+ ((band->qdelta_present && band->inherit_qdelta) || band->inherit_mv))
+ return AVERROR_INVALIDDATA;
+
/* scale factor for motion vectors */
mv_scale = (ctx->planes[0].bands[0].mb_size >> 3) - (band->mb_size >> 3);
mv_x = mv_y = 0;