avcodec/sheervideo: Don't leave context in inconsistent state upon error

This has happened if the format changed midstream and if the new packet
is so small that it is instantaneously rejected: In this case the VLC
tables were for the new format, although the context says that they are
still the ones for the old format. It can also happen if the format
changed midstream and the allocation of the new tables fails. If the
next packet is a packet for the old format, the decoder thinks it
already has the correct VLC tables, leading to a segfault.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>

diff --git a/libavcodec/sheervideo.c b/libavcodec/sheervideo.c
index e1a203d3618c9565cf7bbe2e2d89415825928067..099e5fdf22a3524a3c35aabadefa90fd9d73569c 100644 (file)
--- a/libavcodec/sheervideo.c
+++ b/libavcodec/sheervideo.c
@@ -2034,16 +2034,17 @@ static int decode_frame(AVCodecContext *avctx,
         return AVERROR_PATCHWELCOME;
     }
 
-    if (avpkt->size < 20 + avctx->width * avctx->height / 16) {
-        av_log(avctx, AV_LOG_ERROR, "Input packet too small\n");
-        return AVERROR_INVALIDDATA;
-    }
-
     if (s->format != format) {
-        if (ret < 0)
+        if (ret < 0) {
+            s->format = 0;
             return ret;
+        }
         s->format = format;
     }
+    if (avpkt->size < 20 + avctx->width * avctx->height / 16) {
+        av_log(avctx, AV_LOG_ERROR, "Input packet too small\n");
+        return AVERROR_INVALIDDATA;
+    }
 
     p->pict_type = AV_PICTURE_TYPE_I;
     p->key_frame = 1;