From b1e2192007d7026049237c9ab11e05ae71bf4f42 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 4 Feb 2017 02:45:02 +0100 Subject: avcodec/interplayvideo: Move parameter change check up Fixes out of array read Fixes: 544/clusterfuzz-testcase-5936536407244800.f8bd9b24_8ba77916_70c2c7be_3df6a2ea_96cd9f14 Signed-off-by: Michael Niedermayer --- libavcodec/interplayvideo.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'libavcodec/interplayvideo.c') diff --git a/libavcodec/interplayvideo.c b/libavcodec/interplayvideo.c index abfc935f7b..8d2f3ab48c 100644 --- a/libavcodec/interplayvideo.c +++ b/libavcodec/interplayvideo.c @@ -989,6 +989,11 @@ static int ipvideo_decode_frame(AVCodecContext *avctx, AVFrame *frame = data; int ret; + if (av_packet_get_side_data(avpkt, AV_PKT_DATA_PARAM_CHANGE, NULL)) { + av_frame_unref(s->last_frame); + av_frame_unref(s->second_last_frame); + } + if (buf_size < 2) return AVERROR_INVALIDDATA; @@ -1000,10 +1005,6 @@ static int ipvideo_decode_frame(AVCodecContext *avctx, if (buf_size < s->decoding_map_size + 2) return buf_size; - if (av_packet_get_side_data(avpkt, AV_PKT_DATA_PARAM_CHANGE, NULL)) { - av_frame_unref(s->last_frame); - av_frame_unref(s->second_last_frame); - } s->decoding_map = buf + 2; bytestream2_init(&s->stream_ptr, buf + 2 + s->decoding_map_size, -- cgit v1.2.3