From e7ffee1d83fbb19170a1bf4e67a01e3f0ca0612e Mon Sep 17 00:00:00 2001
From: Jiyong Min <jiyong.min@samsung.com>
Date: Tue, 17 Apr 2018 15:33:11 +0900
Subject: [PATCH] [CVE-2017-17129] vc1: skip motion compensation when data fro
 last picture is invalid

Bug-Id: 1101
Cc: libav-stable@libav.org
(cherry picked from commit 5085f25ace1e74846a0de3369bedd0e22d1a1bdc)
Signed-off-by: Sean McGovern <gseanmcg@gmail.com>

Change-Id: I5f13d62d569ac3262a35ff11a3808abb59eff67a
(cherry picked from commit 7be0ce8d7175a1a3dcbd165c303107e294bf8171)
---
 libavcodec/vc1_mc.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/vc1_mc.c b/libavcodec/vc1_mc.c
index f4632d6..18ac47a 100644
--- a/libavcodec/vc1_mc.c
+++ b/libavcodec/vc1_mc.c
@@ -689,6 +689,11 @@ void ff_vc1_mc_4mv_chroma4(VC1Context *v, int dir, int dir2, int avg)
     if (s->avctx->flags & AV_CODEC_FLAG_GRAY)
         return;
 
+    if (!s->last_picture.f->data[1]) {
+      av_log(s->avctx, AV_LOG_ERROR, "Bad data in last picture frame.\n");
+      return;
+    }
+
     for (i = 0; i < 4; i++) {
         int d = i < 2 ? dir: dir2;
         tx = s->mv[d][i][0];
-- 
2.7.4