On Sun, Mar 10, 2019 at 09:15:40AM +0100, Paul B Mahol wrote: > On 3/10/19, Michael Niedermayer <mich...@niedermayer.cc> wrote: > > Fixes: Out of array access > > Fixes: > > 13552/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IMM4_fuzzer-5767949648920576 > > > > Found-by: continuous fuzzing process > > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > > --- > > libavcodec/imm4.c | 12 +++++++----- > > 1 file changed, 7 insertions(+), 5 deletions(-) > > > > diff --git a/libavcodec/imm4.c b/libavcodec/imm4.c > > index b66689acab..1a4d0decd7 100644 > > --- a/libavcodec/imm4.c > > +++ b/libavcodec/imm4.c > > @@ -446,11 +446,13 @@ static int decode_frame(AVCodecContext *avctx, void > > *data, > > return AVERROR_PATCHWELCOME; > > } > > > > - if (!frame->key_frame && > > - (avctx->width != width || > > - avctx->height != height)) { > > - av_log(avctx, AV_LOG_ERROR, "Frame size change is unsupported.\n"); > > - return AVERROR_INVALIDDATA; > > + if (avctx->width != width || > > + avctx->height != height) { > > + if (!frame->key_frame) { > > + av_log(avctx, AV_LOG_ERROR, "Frame size change is > > unsupported.\n"); > > + return AVERROR_INVALIDDATA; > > + } > > + av_frame_unref(s->prev_frame); > > } > > ok
will apply thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB it is not once nor twice but times without number that the same ideas make their appearance in the world. -- Aristotle
signature.asc
Description: PGP signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
