generic-library/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

lavc: Check the image size before calling get_buffer

Browse Source 
Bug-Id: CVE-2011-3935
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
This commit is contained in:
Luca Barbato
2014-08-04 14:15:45 +02:00
parent 43d6764327
commit 146b187113
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libavcodec/utils.c
View File

@@ -465,6 +465,8 @@ int ff_get_buffer(AVCodecContext *avctx, AVFrame *frame)
{ {
switch (avctx->codec_type) { switch (avctx->codec_type) {
case AVMEDIA_TYPE_VIDEO: case AVMEDIA_TYPE_VIDEO:
if (av_image_check_size(avctx->width, avctx->height, 0, avctx))
return AVERROR_INVALIDDATA;
frame->width = avctx->width; frame->width = avctx->width;
frame->height = avctx->height; frame->height = avctx->height;
frame->format = avctx->pix_fmt; frame->format = avctx->pix_fmt;