[FFmpeg-cvslog] avcodec/wmalosslessdec: Fix null pointer dereference in decode_frame()

Michael Niedermayer git at videolan.org
Fri Apr 13 02:58:17 EEST 2018


ffmpeg | branch: release/3.3 | Michael Niedermayer <michael at niedermayer.cc> | Sun Mar 25 01:51:28 2018 +0100| [d79b274acc3a608358c0cd1ffe8ebd92bf108480] | committer: Michael Niedermayer

avcodec/wmalosslessdec: Fix null pointer dereference in decode_frame()

Fixes: 2018_03_23_poc.wav
Found-by: GwanYeong Kim <gy741.kim at gmail.com>

Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ea15915b2dc5aaa80c91879fbd183475a7e66e54)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d79b274acc3a608358c0cd1ffe8ebd92bf108480
---

 libavcodec/wmalosslessdec.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libavcodec/wmalosslessdec.c b/libavcodec/wmalosslessdec.c
index 59e8929586..eb1db615ae 100644
--- a/libavcodec/wmalosslessdec.c
+++ b/libavcodec/wmalosslessdec.c
@@ -1256,7 +1256,9 @@ static int decode_packet(AVCodecContext *avctx, void *data, int *got_frame_ptr,
             (frame_size = show_bits(gb, s->log2_frame_size)) &&
             frame_size <= remaining_bits(s, gb)) {
             save_bits(s, gb, frame_size, 0);
-            s->packet_done = !decode_frame(s);
+
+            if (!s->packet_loss)
+                s->packet_done = !decode_frame(s);
         } else if (!s->len_prefix
                    && s->num_saved_bits > get_bits_count(&s->gb)) {
             /* when the frames do not have a length prefix, we don't know the



More information about the ffmpeg-cvslog mailing list