From 69a0bce753a5d5556d5bc0888afe390e22611dd8 Mon Sep 17 00:00:00 2001
From: Laurent Aimar <fenrir@videolan.org>
Date: Sat, 10 Sep 2011 13:28:13 +0200
Subject: Fixed deference of NULL pointer in motionpixels decoder.

Some of the arguments given to init_vlc() come from the stream
and can be corrupted.

Signed-off-by: Janne Grunau <janne-libav@jannau.net>
---
 libavcodec/motionpixels.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'libavcodec/motionpixels.c')

diff --git a/libavcodec/motionpixels.c b/libavcodec/motionpixels.c
index 21e1bda99c..9589b4c386 100644
--- a/libavcodec/motionpixels.c
+++ b/libavcodec/motionpixels.c
@@ -278,7 +278,8 @@ static int mp_decode_frame(AVCodecContext *avctx,
     if (sz == 0)
         goto end;
 
-    init_vlc(&mp->vlc, mp->max_codes_bits, mp->codes_count, &mp->codes[0].size, sizeof(HuffCode), 1, &mp->codes[0].code, sizeof(HuffCode), 4, 0);
+    if (init_vlc(&mp->vlc, mp->max_codes_bits, mp->codes_count, &mp->codes[0].size, sizeof(HuffCode), 1, &mp->codes[0].code, sizeof(HuffCode), 4, 0))
+        goto end;
     mp_decode_frame_helper(mp, &gb);
     free_vlc(&mp->vlc);
 
-- 
cgit v1.2.3