From 45f5e17aa43a4cebed77d8e9781447ad29a0ed61 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Wed, 28 Sep 2016 16:14:08 +0200
Subject: [PATCH] avformat/avidec: Check nb_streams in read_gab2_sub()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes null pointer dereference
Fixes: 1/null_point.avi

Found-by: 连一汉 <lianyihan@360.cn>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2679ad4773aa356e7c3da5c68bc81f02a194617f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/avidec.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/avidec.c b/libavformat/avidec.c
index 5e9c1e3ed9..98d0267eea 100644
--- a/libavformat/avidec.c
+++ b/libavformat/avidec.c
@@ -1057,6 +1057,8 @@ static int read_gab2_sub(AVStream *st, AVPacket *pkt)
 
         ast->sub_ctx->pb = pb;
         if (!avformat_open_input(&ast->sub_ctx, "", sub_demuxer, NULL)) {
+            if (ast->sub_ctx->nb_streams != 1)
+                goto error;
             ff_read_packet(ast->sub_ctx, &ast->sub_pkt);
             *st->codec = *ast->sub_ctx->streams[0]->codec;
             ast->sub_ctx->streams[0]->codec->extradata = NULL;