pngdec: check if previous frame exists instead of trusting sequence_number

This fixes a segmentation fault caused by calling memcpy with NULL as second argument in handle_p_frame_apng. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
author: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> 2016-11-25 22:09:51 +0100
committer: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> 2016-11-27 23:46:30 +0100
commit: 801b5c18c7beefbb894ad4de20d1b591ddb22198 (patch)
tree: 281b61a0110bc40ab9c3aaa5af27685dfebe627f /libavcodec
parent: 55997d50431c0e1033c98d24a51154b93f82b60e (diff)
download: ffmpeg-801b5c18c7beefbb894ad4de20d1b591ddb22198.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c
index 36275ae43f..2f8d266c27 100644
--- a/libavcodec/pngdec.c
+++ b/libavcodec/pngdec.c
@@ -922,7 +922,8 @@ static int decode_fctl_chunk(AVCodecContext *avctx, PNGDecContext *s,
         return AVERROR_INVALIDDATA;
     }
 
-    if (sequence_number == 0 && dispose_op == APNG_DISPOSE_OP_PREVIOUS) {
+    if ((sequence_number == 0 || !s->previous_picture.f->data[0]) &&
+        dispose_op == APNG_DISPOSE_OP_PREVIOUS) {
         // No previous frame to revert to for the first frame
         // Spec says to just treat it as a APNG_DISPOSE_OP_BACKGROUND
         dispose_op = APNG_DISPOSE_OP_BACKGROUND;
author	Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-25 22:09:51 +0100
committer	Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-27 23:46:30 +0100
commit	801b5c18c7beefbb894ad4de20d1b591ddb22198 (patch)
tree	281b61a0110bc40ab9c3aaa5af27685dfebe627f /libavcodec
parent	55997d50431c0e1033c98d24a51154b93f82b60e (diff)
download	ffmpeg-801b5c18c7beefbb894ad4de20d1b591ddb22198.tar.gz