It is possible for the source state to be NULL, namely if an error
happened in the src thread and it never even reached the point of
decoding the slices; or if the allocation of src's states failed.

Signed-off-by: Andreas Rheinhardt <andreas.rheinha...@outlook.com>
---
 libavcodec/ffv1dec.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/libavcodec/ffv1dec.c b/libavcodec/ffv1dec.c
index 791dc073bf..bddfd8e2fb 100644
--- a/libavcodec/ffv1dec.c
+++ b/libavcodec/ffv1dec.c
@@ -256,7 +256,10 @@ static int decode_slice(AVCodecContext *c, void *arg)
             memcpy(pdst, psrc, sizeof(*pdst));
             pdst->state = NULL;
             pdst->vlc_state = NULL;
-
+            if (fssrc->ac && !psrc->state || !fssrc->ac && !psrc->vlc_state) {
+                ret = AVERROR_INVALIDDATA;
+                goto fail;
+            }
             if (fssrc->ac) {
                 pdst->state = av_malloc_array(CONTEXT_SIZE,  
psrc->context_count);
                 if (!pdst->state) {
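Review bot: The added condition `fssrc->ac && !psrc->state || !fssrc->ac && !psrc->vlc_state` mixes `&&` and `||` without parentheses. It evaluates as intended, but GCC's -Wparentheses flags this form, and grouping each half explicitly would make the two cases easier to read. The hunk also deletes the blank line after `pdst->vlc_state = NULL;`, so the new check runs straight on from the two resets. A one-line comment above the check, stating that the source state can be NULL when the src thread failed before decoding its slices or when its allocation failed, would put the commit message's rationale next to the code. The `fail` label is outside the visible context. Since `pdst->state` and `pdst->vlc_state` have just been set to NULL, it is worth confirming that the cleanup path tolerates both being NULL for this plane.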
-- 
2.27.0

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
