From 090cd0631140ac1a3a795d2adfac5dbf5e381aa2 Mon Sep 17 00:00:00 2001 From: Luca Barbato Date: Mon, 5 Aug 2013 06:27:12 +0200 Subject: [PATCH] vc1: check the source buffer in vc1_mc functions Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org --- libavcodec/vc1dec.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/libavcodec/vc1dec.c b/libavcodec/vc1dec.c index e8c22328b6..20633d7473 100644 --- a/libavcodec/vc1dec.c +++ b/libavcodec/vc1dec.c @@ -407,6 +407,11 @@ static void vc1_mc_1mv(VC1Context *v, int dir) use_ic = v->next_use_ic; } + if (!srcY || !srcU) { + av_log(v->s.avctx, AV_LOG_ERROR, "Referenced frame missing.\n"); + return; + } + src_x = s->mb_x * 16 + (mx >> 2); src_y = s->mb_y * 16 + (my >> 2); uvsrc_x = s->mb_x * 8 + (uvmx >> 2); @@ -583,6 +588,11 @@ static void vc1_mc_4mv_luma(VC1Context *v, int n, int dir, int avg) use_ic = v->next_use_ic; } + if (!srcY) { + av_log(v->s.avctx, AV_LOG_ERROR, "Referenced frame missing.\n"); + return; + } + if (v->field_mode) { if (v->cur_field_type != v->ref_field_type[dir]) my = my - 2 + 4 * v->cur_field_type; @@ -879,6 +889,11 @@ static void vc1_mc_4mv_chroma(VC1Context *v, int dir) use_ic = v->next_use_ic; } + if (!srcU) { + av_log(v->s.avctx, AV_LOG_ERROR, "Referenced frame missing.\n"); + return; + } + srcU += uvsrc_y * s->uvlinesize + uvsrc_x; srcV += uvsrc_y * s->uvlinesize + uvsrc_x;