From bc08ca841e66134a3b0d900cf152b4a263fa6545 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Thu, 15 Nov 2012 16:09:23 +0100
Subject: flashsv: reallocate block array independant of frame type.

Fixes NULL pointer dereference

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavcodec/flashsv.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'libavcodec/flashsv.c')

diff --git a/libavcodec/flashsv.c b/libavcodec/flashsv.c
index 14c514c361..27f5dce1d1 100644
--- a/libavcodec/flashsv.c
+++ b/libavcodec/flashsv.c
@@ -321,10 +321,10 @@ static int flashsv_decode_frame(AVCodecContext *avctx, void *data,
     if (s->is_keyframe) {
         s->keyframedata = av_realloc(s->keyframedata, avpkt->size);
         memcpy(s->keyframedata, avpkt->data, avpkt->size);
-        s->blocks = av_realloc(s->blocks,
-                               (v_blocks + !!v_part) * (h_blocks + !!h_part)
-                               * sizeof(s->blocks[0]));
     }
+    s->blocks = av_realloc(s->blocks,
+                            (v_blocks + !!v_part) * (h_blocks + !!h_part)
+                            * sizeof(s->blocks[0]));
 
     av_dlog(avctx, "image: %dx%d block: %dx%d num: %dx%d part: %dx%d\n",
             s->image_width, s->image_height, s->block_width, s->block_height,
-- 
cgit v1.2.3