oc_dec_headerin() dereferences pointers _tc and _setup before checking for null
This warning in libtheora was reported by µchex, a static analysis tool described in this paper:
"How to Build Static Checking Systems Using Orders of Magnitude Less Code" (Fraser Brown, Andres Nötzli, Dawson Engler) https://web.stanford.edu/~mlfbrown/paper.pdf
Pointers _tc and _setup are dereferenced on line 176 of function oc_dec_headerin() in media/libtheora/lib/decinfo.c before null checks later on line 205:
- if(!(packtype&0x80)&&_info->frame_width>0&&_tc->vendor!=NULL&&*_setup!=NULL){ …
-
if(_tc==NULL||_setup==NULL)return TH_EFAULT;