virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00
Code Issues Releases Activity

avcodec/vc1dec: Check source picture availability in vc1_mc_4mv_chroma4()

Browse Source 
Fixes null pointer dereference

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2013-06-15 13:10:43 +02:00
parent 1ba196a10d
commit 6c4516d041
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
libavcodec/vc1dec.c
View File

@ -1001,16 +1001,20 @@ static void vc1_mc_4mv_chroma4(VC1Context *v, int dir, int dir2, int avg)
uvsrc_x = av_clip(uvsrc_x, -8, s->avctx->coded_width >> 1); uvsrc_x = av_clip(uvsrc_x, -8, s->avctx->coded_width >> 1);
uvsrc_y = av_clip(uvsrc_y, -8, s->avctx->coded_height >> 1); uvsrc_y = av_clip(uvsrc_y, -8, s->avctx->coded_height >> 1);
if (i < 2 ? dir : dir2) { if (i < 2 ? dir : dir2) {
srcU = s->next_picture.f.data[1] + uvsrc_y * s->uvlinesize + uvsrc_x; srcU = s->next_picture.f.data[1];
srcV = s->next_picture.f.data[2] + uvsrc_y * s->uvlinesize + uvsrc_x; srcV = s->next_picture.f.data[2];
lutuv = v->next_lutuv; lutuv = v->next_lutuv;
use_ic = v->next_use_ic; use_ic = v->next_use_ic;
} else { } else {
srcU = s->last_picture.f.data[1] + uvsrc_y * s->uvlinesize + uvsrc_x; srcU = s->last_picture.f.data[1];
srcV = s->last_picture.f.data[2] + uvsrc_y * s->uvlinesize + uvsrc_x; srcV = s->last_picture.f.data[2];
lutuv = v->last_lutuv; lutuv = v->last_lutuv;
use_ic = v->last_use_ic; use_ic = v->last_use_ic;
} }
if (!srcU)
return;
srcU += uvsrc_y * s->uvlinesize + uvsrc_x;
srcV += uvsrc_y * s->uvlinesize + uvsrc_x;
uvmx_field[i] = (uvmx_field[i] & 3) << 1; uvmx_field[i] = (uvmx_field[i] & 3) << 1;
uvmy_field[i] = (uvmy_field[i] & 3) << 1; uvmy_field[i] = (uvmy_field[i] & 3) << 1;