Module: libav Branch: master Commit: ee715f49a06bf3898246d01b056284a9bb1bcbb9
Author: Anton Khirnov <[email protected]> Committer: Anton Khirnov <[email protected]> Date: Fri Sep 28 14:47:56 2012 +0200 dfa: check that the caller set width/height properly. Fixes CVE-2012-2786. --- libavcodec/dfa.c | 6 ++++++ 1 files changed, 6 insertions(+), 0 deletions(-) diff --git a/libavcodec/dfa.c b/libavcodec/dfa.c index 5beae7f..c6f09c8 100644 --- a/libavcodec/dfa.c +++ b/libavcodec/dfa.c @@ -22,6 +22,8 @@ #include "avcodec.h" #include "bytestream.h" + +#include "libavutil/imgutils.h" #include "libavutil/lzo.h" // for av_memcpy_backptr typedef struct DfaContext { @@ -34,9 +36,13 @@ typedef struct DfaContext { static av_cold int dfa_decode_init(AVCodecContext *avctx) { DfaContext *s = avctx->priv_data; + int ret; avctx->pix_fmt = PIX_FMT_PAL8; + if ((ret = av_image_check_size(avctx->width, avctx->height, 0, avctx)) < 0) + return ret; + s->frame_buf = av_mallocz(avctx->width * avctx->height + AV_LZO_OUTPUT_PADDING); if (!s->frame_buf) return AVERROR(ENOMEM); _______________________________________________ libav-commits mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-commits
