@@ -173,9 +173,6 @@ static int smvjpeg_decode_frame(AVCodecContext *avctx, void *data, int *data_siz
return AVERROR_INVALIDDATA;
}
- /*use the last lot... */
- *data_size = s->mjpeg_data_size;
-
avctx->pix_fmt = s->avctx->pix_fmt;
/* We shouldn't get here if frames_per_jpeg <= 0 because this was rejected
@@ -186,6 +183,9 @@ static int smvjpeg_decode_frame(AVCodecContext *avctx, void *data, int *data_siz
return ret;
}
+ /*use the last lot... */
+ *data_size = s->mjpeg_data_size;
+
if (*data_size) {
s->picture[1]->extended_data = NULL;
s->picture[1]->width = avctx->width;
Fixes: assertion failure Fixes: 26813/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMVJPEG_fuzzer-5756269803339776 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/smvjpegdec.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)