Fixes CVE-2012-2803.
CC: [email protected]
---
libavcodec/mpeg12.c | 3 ++-
libavcodec/mpeg12.h | 1 +
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/libavcodec/mpeg12.c b/libavcodec/mpeg12.c
index df8afec..3366fba 100644
--- a/libavcodec/mpeg12.c
+++ b/libavcodec/mpeg12.c
@@ -2453,8 +2453,9 @@ static int mpeg_decode_frame(AVCodecContext *avctx,
s->slice_count = 0;
- if (avctx->extradata && !avctx->frame_number) {
+ if (avctx->extradata && !s->extradata_decoded) {
int ret = decode_chunks(avctx, picture, got_output, avctx->extradata,
avctx->extradata_size);
+ s->extradata_decoded = 1;
if (ret < 0 && (avctx->err_recognition & AV_EF_EXPLODE))
return ret;
}
diff --git a/libavcodec/mpeg12.h b/libavcodec/mpeg12.h
index ab0352f..0f9faaf 100644
--- a/libavcodec/mpeg12.h
+++ b/libavcodec/mpeg12.h
@@ -42,6 +42,7 @@ typedef struct Mpeg1Context {
AVRational frame_rate_ext; ///< MPEG-2 specific framerate modificator
int sync; ///< Did we reach a sync point like a
GOP/SEQ/KEYFrame?
int closed_gop; ///< GOP is closed
+ int extradata_decoded;
} Mpeg1Context;
extern uint8_t ff_mpeg12_static_rl_table_store[2][2][2*MAX_RUN + MAX_LEVEL +
3];
--
1.7.10.4
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel
