vc1: prevent null pointer dereference on broken files

author Janne Grunau <janne-libav@jannau.net>

Wed, 25 Jan 2012 14:49:54 +0000 (15:49 +0100)

committer Janne Grunau <janne-libav@jannau.net>

Wed, 1 Feb 2012 11:54:39 +0000 (12:54 +0100)
author Janne Grunau <janne-libav@jannau.net>
Wed, 25 Jan 2012 14:49:54 +0000 (15:49 +0100)
committer Janne Grunau <janne-libav@jannau.net>
Wed, 1 Feb 2012 11:54:39 +0000 (12:54 +0100)
diff --git a/libavcodec/vc1dec.c b/libavcodec/vc1dec.c

index 325cc64..417bd04 100644 (file)
--- a/libavcodec/vc1dec.c
+++ b/libavcodec/vc1dec.c
@@ -5709,7 +5709,7 @@ static int vc1_decode_frame(AVCodecContext *avctx, void *data,
              if (!v->field_mode || v->second_field)
                  s->end_mb_y = (i == n_slices     ) ? mb_height : FFMIN(mb_height, slices[i].mby_start % mb_height);
              else
-                s->end_mb_y = (i == n_slices1 + 1) ? mb_height : FFMIN(mb_height, slices[i].mby_start % mb_height);
+                s->end_mb_y = (i <= n_slices1 + 1) ? mb_height : FFMIN(mb_height, slices[i].mby_start % mb_height);
              vc1_decode_blocks(v);
              if (i != n_slices)
                  s->gb = slices[i].gb;
author	Janne Grunau <janne-libav@jannau.net>
	Wed, 25 Jan 2012 14:49:54 +0000 (15:49 +0100)
committer	Janne Grunau <janne-libav@jannau.net>
	Wed, 1 Feb 2012 11:54:39 +0000 (12:54 +0100)