Module: libav Branch: release/0.8 Commit: 56c1e18a5225f2737f91e6028f114f56d7ca802a
Author: Anton Khirnov <[email protected]> Committer: Reinhard Tartler <[email protected]> Date: Thu Dec 13 17:53:31 2012 +0100 mpeg12: do not decode extradata more than once. Fixes CVE-2012-2803. CC: [email protected] (cherry picked from commit 582368626188c070d4300913c6da5efa4c24cfb2) Conflicts: libavcodec/mpeg12.c --- libavcodec/mpeg12.c | 3 ++- libavcodec/mpeg12.h | 1 + 2 files changed, 3 insertions(+), 1 deletions(-) diff --git a/libavcodec/mpeg12.c b/libavcodec/mpeg12.c index 65dfe47..436b4cf 100644 --- a/libavcodec/mpeg12.c +++ b/libavcodec/mpeg12.c @@ -2223,8 +2223,9 @@ static int mpeg_decode_frame(AVCodecContext *avctx, s->slice_count = 0; - if (avctx->extradata && !avctx->frame_number) { + if (avctx->extradata && !s->extradata_decoded) { int ret = decode_chunks(avctx, picture, data_size, avctx->extradata, avctx->extradata_size); + s->extradata_decoded = 1; if (ret < 0 && (avctx->err_recognition & AV_EF_EXPLODE)) return ret; } diff --git a/libavcodec/mpeg12.h b/libavcodec/mpeg12.h index ab0352f..0f9faaf 100644 --- a/libavcodec/mpeg12.h +++ b/libavcodec/mpeg12.h @@ -42,6 +42,7 @@ typedef struct Mpeg1Context { AVRational frame_rate_ext; ///< MPEG-2 specific framerate modificator int sync; ///< Did we reach a sync point like a GOP/SEQ/KEYFrame? int closed_gop; ///< GOP is closed + int extradata_decoded; } Mpeg1Context; extern uint8_t ff_mpeg12_static_rl_table_store[2][2][2*MAX_RUN + MAX_LEVEL + 3]; _______________________________________________ libav-commits mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-commits
