From: Michael Niedermayer <[email protected]> Fixes CVE-2011-3935
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <[email protected]> Signed-off-by: Diego Biurrun <[email protected]> --- This is the version for the 0.8 branch. I have no sample to verify the fix. avconv.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/avconv.c b/avconv.c index 4c57753..3d00e61 100644 --- a/avconv.c +++ b/avconv.c @@ -496,6 +496,9 @@ static int codec_get_buffer(AVCodecContext *s, AVFrame *frame) FrameBuffer *buf; int ret, i; + if (av_image_check_size(s->width, s->height, 0, s)) + return AVERROR_INVALIDDATA; + if (!ist->buffer_pool && (ret = alloc_buffer(ist, &ist->buffer_pool)) < 0) return ret; -- 1.8.3.2 _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
