From 57e939d963800f8e6977d0238e6116c7d1b53315 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Thu, 27 Mar 2014 04:40:48 +0100
Subject: [PATCH] avcodec/vp7: Fix null pointer dereference in vp7_decode_frame_header()
This simply copies the "interframe without a prior keyframe" check thats done later into vp7_decode_frame_header()
Found-by: Vittorio Giovara
Signed-off-by: Michael Niedermayer
---
libavcodec/vp8.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/libavcodec/vp8.c b/libavcodec/vp8.c
index 0c2f503ac6..45a19a04e4 100644
--- a/libavcodec/vp8.c
+++ b/libavcodec/vp8.c
@@ -521,6 +521,13 @@ static int vp7_decode_frame_header(VP8Context *s, const uint8_t *buf, int buf_si
 int alpha = (int8_t)vp8_rac_get_uint(c, 8);
 int beta = (int8_t)vp8_rac_get_uint(c, 8);
 if (!s->keyframe && (alpha || beta)) {
+
+ if (!s->framep[VP56_FRAME_PREVIOUS] ||
+ !s->framep[VP56_FRAME_GOLDEN]) {
+ av_log(s->avctx, AV_LOG_WARNING, "Discarding interframe without a prior keyframe!\n");
+ return AVERROR_INVALIDDATA;
+ }
+
 /* preserve the golden frame */
 if (s->framep[VP56_FRAME_GOLDEN] == s->framep[VP56_FRAME_PREVIOUS]) {
 AVFrame *gold = s->framep[VP56_FRAME_GOLDEN]->tf.f;
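Review bot: The guard added at the top of the `if (!s->keyframe && (alpha || beta))` body is a verbatim copy of the "interframe without a prior keyframe" check that the commit message says already exists later in the decode path, so the condition and the message can silently drift apart; a small `static` helper such as `vp7_check_ref_frames(VP8Context *s)` returning `AVERROR_INVALIDDATA`, called from both places, would keep them in sync. The new `av_log` call is wider than the 80-column limit used in this file and would read better wrapped as `av_log(s->avctx, AV_LOG_WARNING,` / `       "Discarding interframe without a prior keyframe!\n");`, and the empty `+` lines before and after the block look stray. Note that the guard only covers the `alpha || beta` case, so a non-keyframe with both zero still depends entirely on the later check; that is fine as long as nothing between here and there dereferences `s->framep[...]`, which cannot be verified from this hunk. vp7_decode_frame_header() starts and ends outside the hunk.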