From 619aab2f41b11f289411b542e3816f90a9209438 Mon Sep 17 00:00:00 2001
From: Laurent Aimar <fenrir@videolan.org>
Date: Sat, 10 Sep 2011 13:28:13 +0200
Subject: [PATCH] Fixed deference of NULL pointer in motionpixels decoder.

Some of the arguments given to init_vlc() come from the stream
and can be corrupted.

Signed-off-by: Janne Grunau <janne-libav@jannau.net>
(cherry picked from commit 69a0bce753a5d5556d5bc0888afe390e22611dd8)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
---
 libavcodec/motionpixels.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libavcodec/motionpixels.c b/libavcodec/motionpixels.c
index ebc4b31201..54559350b8 100644
--- a/libavcodec/motionpixels.c
+++ b/libavcodec/motionpixels.c
@@ -278,7 +278,8 @@ static int mp_decode_frame(AVCodecContext *avctx,
     if (sz == 0)
         goto end;
 
-    init_vlc(&mp->vlc, mp->max_codes_bits, mp->codes_count, &mp->codes[0].size, sizeof(HuffCode), 1, &mp->codes[0].code, sizeof(HuffCode), 4, 0);
+    if (init_vlc(&mp->vlc, mp->max_codes_bits, mp->codes_count, &mp->codes[0].size, sizeof(HuffCode), 1, &mp->codes[0].code, sizeof(HuffCode), 4, 0))
+        goto end;
     mp_decode_frame_helper(mp, &gb);
     free_vlc(&mp->vlc);