From: Michael Niedermayer <[email protected]> Bug-Id: CVE-2011-3935
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <[email protected]> Signed-off-by: Diego Biurrun <[email protected]> --- Applies to the 9 branch; again, no sample. cmdutils.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/cmdutils.c b/cmdutils.c index b65326b..f072572 100644 --- a/cmdutils.c +++ b/cmdutils.c @@ -1598,6 +1598,9 @@ int codec_get_buffer(AVCodecContext *s, AVFrame *frame) FrameBuffer *buf; int ret, i; + if (av_image_check_size(s->width, s->height, 0, s)) + return AVERROR_INVALIDDATA; + if (!*pool && (ret = alloc_buffer(pool, s, pool)) < 0) return ret; -- 1.8.3.2 _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
