From b86651a208ee67666a7305b002bc9f14b21dae7f Mon Sep 17 00:00:00 2001
From: Carl Eugen Hoyos <cehoyos@ag.or.at>
Date: Mon, 8 Jul 2013 00:34:58 +0200
Subject: [PATCH] Check the return value of ff_rv34_decode_init() in rv30.c and
 rv40.c

Avoids possible null pointer dereferences on oom.

Fixes ticket #2727.
---
 libavcodec/rv30.c | 5 ++++-
 libavcodec/rv40.c | 5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/libavcodec/rv30.c b/libavcodec/rv30.c
index f40870ee9d..48d769142c 100644
--- a/libavcodec/rv30.c
+++ b/libavcodec/rv30.c
@@ -248,9 +248,12 @@ static void rv30_loop_filter(RV34DecContext *r, int row)
 static av_cold int rv30_decode_init(AVCodecContext *avctx)
 {
     RV34DecContext *r = avctx->priv_data;
+    int ret;
 
     r->rv30 = 1;
-    ff_rv34_decode_init(avctx);
+    ret = ff_rv34_decode_init(avctx);
+    if (ret < 0)
+        return ret;
     if(avctx->extradata_size < 2){
         av_log(avctx, AV_LOG_ERROR, "Extradata is too small.\n");
         return -1;
diff --git a/libavcodec/rv40.c b/libavcodec/rv40.c
index d6dfc5e4b7..17574ee3ef 100644
--- a/libavcodec/rv40.c
+++ b/libavcodec/rv40.c
@@ -547,9 +547,12 @@ static void rv40_loop_filter(RV34DecContext *r, int row)
 static av_cold int rv40_decode_init(AVCodecContext *avctx)
 {
     RV34DecContext *r = avctx->priv_data;
+    int ret;
 
     r->rv30 = 0;
-    ff_rv34_decode_init(avctx);
+    ret = ff_rv34_decode_init(avctx);
+    if (ret < 0)
+        return ret;
     if(!aic_top_vlc.bits)
         rv40_init_tables();
     r->parse_slice_header = rv40_parse_slice_header;