From bb146bb57bea6647f9c080aa4f9323a3a789ad22 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Fri, 23 Mar 2012 03:43:30 +0100
Subject: ogg: prevent NULL pointer deference in theora gptopts

Additional safety in case a special ogg stream is crafted
with the proper number of

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavformat/oggparsetheora.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'libavformat/oggparsetheora.c')

diff --git a/libavformat/oggparsetheora.c b/libavformat/oggparsetheora.c
index df7a89c09d..632c4ef521 100644
--- a/libavformat/oggparsetheora.c
+++ b/libavformat/oggparsetheora.c
@@ -131,8 +131,13 @@ theora_gptopts(AVFormatContext *ctx, int idx, uint64_t gp, int64_t *dts)
     struct ogg *ogg = ctx->priv_data;
     struct ogg_stream *os = ogg->streams + idx;
     struct theora_params *thp = os->private;
-    uint64_t iframe = gp >> thp->gpshift;
-    uint64_t pframe = gp & thp->gpmask;
+    uint64_t iframe, pframe;
+
+    if (!thp)
+        return AV_NOPTS_VALUE;
+
+    iframe = gp >> thp->gpshift;
+    pframe = gp & thp->gpmask;
 
     if (thp->version < 0x030201)
         iframe++;
-- 
cgit v1.2.3