vc1dec: ensure cbpcy_vlc has been set before decoding a frame.

Fixes null pointer dereference Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: Michael Niedermayer <michaelni@gmx.at> 2013-01-12 03:40:54 +0100
committer: Michael Niedermayer <michaelni@gmx.at> 2013-01-12 04:09:21 +0100
commit: cc548ea7a60355e15ed78431a55a896db074aa11 (patch)
tree: cee482185ec08be47e9cd26cb745811e8bb569d9 /libavcodec/vc1dec.c
parent: 68329388bb3d7715a6b90d9369a167491283b84f (diff)
download: ffmpeg-cc548ea7a60355e15ed78431a55a896db074aa11.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/libavcodec/vc1dec.c b/libavcodec/vc1dec.c
index fa25161d75..7be1c8cbab 100644
--- a/libavcodec/vc1dec.c
+++ b/libavcodec/vc1dec.c
@@ -5711,6 +5711,10 @@ static int vc1_decode_frame(AVCodecContext *avctx, void *data,
                 av_log(v->s.avctx, AV_LOG_ERROR, "end mb y %d %d invalid\n", s->end_mb_y, s->start_mb_y);
                 continue;
             }
+            if (!v->p_frame_skipped && s->pict_type != AV_PICTURE_TYPE_I && !v->cbpcy_vlc) {
+                av_log(v->s.avctx, AV_LOG_ERROR, "missing cbpcy_vlc\n");
+                continue;
+            }
             ff_vc1_decode_blocks(v);
             if (i != n_slices)
                 s->gb = slices[i].gb;
author	Michael Niedermayer <michaelni@gmx.at>	2013-01-12 03:40:54 +0100
committer	Michael Niedermayer <michaelni@gmx.at>	2013-01-12 04:09:21 +0100
commit	cc548ea7a60355e15ed78431a55a896db074aa11 (patch)
tree	cee482185ec08be47e9cd26cb745811e8bb569d9 /libavcodec/vc1dec.c
parent	68329388bb3d7715a6b90d9369a167491283b84f (diff)
download	ffmpeg-cc548ea7a60355e15ed78431a55a896db074aa11.tar.gz