Module: libav Branch: release/0.8 Commit: 9e575e54a057f109d212fb05583c8330b0692289
Author: Anton Khirnov <[email protected]> Committer: Reinhard Tartler <[email protected]> Date: Fri Sep 28 14:47:56 2012 +0200 dfa: check that the caller set width/height properly. Fixes CVE-2012-2786. (cherry picked from commit ee715f49a06bf3898246d01b056284a9bb1bcbb9) Signed-off-by: Reinhard Tartler <[email protected]> --- libavcodec/dfa.c | 6 ++++++ 1 files changed, 6 insertions(+), 0 deletions(-) diff --git a/libavcodec/dfa.c b/libavcodec/dfa.c index 08bb2a4..d68ac5e 100644 --- a/libavcodec/dfa.c +++ b/libavcodec/dfa.c @@ -23,6 +23,8 @@ #include "avcodec.h" #include "libavutil/intreadwrite.h" #include "bytestream.h" + +#include "libavutil/imgutils.h" #include "libavutil/lzo.h" // for av_memcpy_backptr typedef struct DfaContext { @@ -35,9 +37,13 @@ typedef struct DfaContext { static av_cold int dfa_decode_init(AVCodecContext *avctx) { DfaContext *s = avctx->priv_data; + int ret; avctx->pix_fmt = PIX_FMT_PAL8; + if ((ret = av_image_check_size(avctx->width, avctx->height, 0, avctx)) < 0) + return ret; + s->frame_buf = av_mallocz(avctx->width * avctx->height + AV_LZO_OUTPUT_PADDING); if (!s->frame_buf) return AVERROR(ENOMEM); _______________________________________________ libav-commits mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-commits
