On 08/03/2014 11:32 AM, Diego Biurrun wrote:
From: Michael Niedermayer <[email protected]>

Bug-Id: CVE-2011-3935

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <[email protected]>
Signed-off-by: Diego Biurrun <[email protected]>
---

Applies to the 9 branch; again, no sample.

  cmdutils.c | 3 +++
  1 file changed, 3 insertions(+)

diff --git a/cmdutils.c b/cmdutils.c
index b65326b..f072572 100644
--- a/cmdutils.c
+++ b/cmdutils.c
@@ -1598,6 +1598,9 @@ int codec_get_buffer(AVCodecContext *s, AVFrame *frame)
      FrameBuffer *buf;
      int ret, i;
+ if (av_image_check_size(s->width, s->height, 0, s))
+        return AVERROR_INVALIDDATA;
+
      if (!*pool && (ret = alloc_buffer(pool, s, pool)) < 0)
          return ret;
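
Review bot: The new check at the top of codec_get_buffer() throws away the value av_image_check_size() returns and substitutes a fixed AVERROR_INVALIDDATA. `ret` is already declared two lines above, so `if ((ret = av_image_check_size(s->width, s->height, 0, s)) < 0) return ret;` would propagate the original error and match the style of the alloc_buffer() call that follows. A one-line comment saying why dimensions are re-validated here (before the pool buffer is allocated from s->width and s->height) would also help, since the commit message carries only the Bug-Id and no description of the failure.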

This seems like the lazy way out of making sure decoders validate width and height if they change them after init, but I suppose it doesn't hurt anything.

-Justin
