indeo5: prevent null pointer dereference on broken files

author Janne Grunau <janne-libav@jannau.net>

Mon, 23 Jan 2012 20:33:34 +0000 (21:33 +0100)

committer Janne Grunau <janne-libav@jannau.net>

Wed, 25 Jan 2012 13:31:57 +0000 (14:31 +0100)
author Janne Grunau <janne-libav@jannau.net>
Mon, 23 Jan 2012 20:33:34 +0000 (21:33 +0100)
committer Janne Grunau <janne-libav@jannau.net>
Wed, 25 Jan 2012 13:31:57 +0000 (14:31 +0100)
diff --git a/libavcodec/indeo5.c b/libavcodec/indeo5.c

index 019fa2b..5263251 100644 (file)
--- a/libavcodec/indeo5.c
+++ b/libavcodec/indeo5.c
@@ -453,6 +453,10 @@ static int decode_mb_info(IVI5DecContext *ctx, IVIBandDesc *band,
      ref_mb = tile->ref_mbs;
      offs   = tile->ypos * band->pitch + tile->xpos;
  
+    if (!ref_mb &&
+        ((band->qdelta_present && band->inherit_qdelta) || band->inherit_mv))
+        return AVERROR_INVALIDDATA;
+
      /* scale factor for motion vectors */
      mv_scale = (ctx->planes[0].bands[0].mb_size >> 3) - (band->mb_size >> 3);
      mv_x = mv_y = 0;
author	Janne Grunau <janne-libav@jannau.net>
	Mon, 23 Jan 2012 20:33:34 +0000 (21:33 +0100)
committer	Janne Grunau <janne-libav@jannau.net>
	Wed, 25 Jan 2012 13:31:57 +0000 (14:31 +0100)