avcodec/wcmv: Copy/Init frame later

Speeds up error cases Fixes: 13132/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WCMV_fuzzer-5664190616829952 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 years ago · 286a33e429
parent e4289cb253
commit 286a33e429
1 changed files with 10 additions and 10 deletions
--- a/libavcodec/wcmv.c
+++ b/libavcodec/wcmv.c
@ -60,16 +60,6 @@ static int decode_frame(AVCodecContext *avctx,
    if ((ret = ff_get_buffer(avctx, frame, AV_GET_BUFFER_FLAG_REF)) < 0)
        return ret;

-    if (s->prev_frame->data[0]) {
-        ret = av_frame_copy(frame, s->prev_frame);
-        if (ret < 0)
-            return ret;
-    } else {
-        ptrdiff_t linesize[4] = { frame->linesize[0], 0, 0, 0 };
-        av_image_fill_black(frame->data, linesize, avctx->pix_fmt, 0,
-                            avctx->width, avctx->height);
-    }
-
    blocks = bytestream2_get_le16(&gb);
    if (blocks > 5) {
        GetByteContext bgb;
@ -162,6 +152,16 @@ static int decode_frame(AVCodecContext *avctx,
        bytestream2_seek(&gb, 2, SEEK_SET);
    }

+    if (s->prev_frame->data[0]) {
+        ret = av_frame_copy(frame, s->prev_frame);
+        if (ret < 0)
+            return ret;
+    } else {
+        ptrdiff_t linesize[4] = { frame->linesize[0], 0, 0, 0 };
+        av_image_fill_black(frame->data, linesize, avctx->pix_fmt, 0,
+                            avctx->width, avctx->height);
+    }
+
    for (int block = 0; block < blocks; block++) {
        int x, y, w, h;