highperfocused/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bink: Prevent NULL dereferences with missing reference frame

Browse Source 
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
(cherry picked from commit c7e631986b4a326a71a20a1a51000f3fbf6e64e7)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
This commit is contained in:
Laurent Aimar 2011-09-27 22:15:31 +00:00 committed by Reinhard Tartler
parent d646cce15f
commit c5766b55c4
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
libavcodec/bink.c
View File

@ -948,8 +948,9 @@ static int bink_decode_plane(BinkContext *c, GetBitContext *gb, int plane_idx,
for (i = 0; i < BINK_NB_SRC; i++)
read_bundle(gb, c, i);
ref_start = c->last.data[plane_idx];
ref_end = c->last.data[plane_idx]
ref_start = c->last.data[plane_idx] ? c->last.data[plane_idx]
: c->pic.data[plane_idx];
ref_end = ref_start
+ (bw - 1 + c->last.linesize[plane_idx] * (bh - 1)) * 8;
for (i = 0; i < 64; i++)
@ -978,7 +979,8 @@ static int bink_decode_plane(BinkContext *c, GetBitContext *gb, int plane_idx,
if (by == bh)
break;
dst = c->pic.data[plane_idx] + 8*by*stride;
prev = c->last.data[plane_idx] + 8*by*stride;
prev = (c->last.data[plane_idx] ? c->last.data[plane_idx]
: c->pic.data[plane_idx]) + 8*by*stride;
for (bx = 0; bx < bw; bx++, dst += 8, prev += 8) {
blk = get_value(c, BINK_SRC_BLOCK_TYPES);
// 16x16 block type on odd line means part of the already decoded block, so skip it