[FFmpeg-cvslog] avcodec/vmdvideo: Fix NULL + 0
Andreas Rheinhardt
git at videolan.org
Thu Apr 1 17:12:22 EEST 2021
ffmpeg | branch: master | Andreas Rheinhardt <andreas.rheinhardt at gmail.com> | Fri Mar 26 15:12:10 2021 +0100| [566bf56791ea96df2bbc334feec0f1cdfc93b2da] | committer: Andreas Rheinhardt
avcodec/vmdvideo: Fix NULL + 0
Affected the FATE tests filter-gradfun-sample and sierra-vmd-video.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=566bf56791ea96df2bbc334feec0f1cdfc93b2da
---
libavcodec/vmdvideo.c | 19 ++++++++++++-------
1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/libavcodec/vmdvideo.c b/libavcodec/vmdvideo.c
index c1dc5b9696..bb9306e4ff 100644
--- a/libavcodec/vmdvideo.c
+++ b/libavcodec/vmdvideo.c
@@ -194,7 +194,7 @@ static int vmd_decode(VmdVideoContext *s, AVFrame *frame)
unsigned char len;
int ofs;
- int frame_x, frame_y;
+ int frame_x, frame_y, prev_linesize;
int frame_width, frame_height;
frame_x = AV_RL16(&s->buf[6]);
@@ -282,7 +282,13 @@ static int vmd_decode(VmdVideoContext *s, AVFrame *frame)
}
dp = &frame->data[0][frame_y * frame->linesize[0] + frame_x];
- pp = &s->prev_frame->data[0][frame_y * s->prev_frame->linesize[0] + frame_x];
+ if (s->prev_frame->data[0]) {
+ prev_linesize = s->prev_frame->linesize[0];
+ pp = s->prev_frame->data[0] + frame_y * prev_linesize + frame_x;
+ } else {
+ pp = NULL;
+ prev_linesize = 0;
+ }
switch (meth) {
case 1:
for (i = 0; i < frame_height; i++) {
@@ -298,7 +304,7 @@ static int vmd_decode(VmdVideoContext *s, AVFrame *frame)
ofs += len;
} else {
/* interframe pixel copy */
- if (ofs + len + 1 > frame_width || !s->prev_frame->data[0])
+ if (ofs + len + 1 > frame_width || !pp)
return AVERROR_INVALIDDATA;
memcpy(&dp[ofs], &pp[ofs], len + 1);
ofs += len + 1;
@@ -311,7 +317,7 @@ static int vmd_decode(VmdVideoContext *s, AVFrame *frame)
return AVERROR_INVALIDDATA;
}
dp += frame->linesize[0];
- pp += s->prev_frame->linesize[0];
+ pp = FF_PTR_ADD(pp, prev_linesize);
}
break;
@@ -319,7 +325,6 @@ static int vmd_decode(VmdVideoContext *s, AVFrame *frame)
for (i = 0; i < frame_height; i++) {
bytestream2_get_buffer(&gb, dp, frame_width);
dp += frame->linesize[0];
- pp += s->prev_frame->linesize[0];
}
break;
@@ -347,7 +352,7 @@ static int vmd_decode(VmdVideoContext *s, AVFrame *frame)
}
} else {
/* interframe pixel copy */
- if (ofs + len + 1 > frame_width || !s->prev_frame->data[0])
+ if (ofs + len + 1 > frame_width || !pp)
return AVERROR_INVALIDDATA;
memcpy(&dp[ofs], &pp[ofs], len + 1);
ofs += len + 1;
@@ -360,7 +365,7 @@ static int vmd_decode(VmdVideoContext *s, AVFrame *frame)
return AVERROR_INVALIDDATA;
}
dp += frame->linesize[0];
- pp += s->prev_frame->linesize[0];
+ pp = FF_PTR_ADD(pp, prev_linesize);
}
break;
}
More information about the ffmpeg-cvslog
mailing list