generic-library/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

dfa: check that the caller set width/height properly.

Browse Source 
Fixes CVE-2012-2786.
(cherry picked from commit ee715f49a06bf3898246d01b056284a9bb1bcbb9)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
This commit is contained in:
Anton Khirnov 2012-09-28 14:47:56 +02:00 committed by Reinhard Tartler
parent 9a76b7375e
commit 9e575e54a0
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
libavcodec/dfa.c
View File

@ -23,6 +23,8 @@
#include "avcodec.h"
#include "libavutil/intreadwrite.h"
#include "bytestream.h"
#include "libavutil/imgutils.h"
#include "libavutil/lzo.h" // for av_memcpy_backptr
typedef struct DfaContext {
@ -35,9 +37,13 @@ typedef struct DfaContext {
static av_cold int dfa_decode_init(AVCodecContext *avctx)
{
DfaContext *s = avctx->priv_data;
int ret;
avctx->pix_fmt = PIX_FMT_PAL8;
if ((ret = av_image_check_size(avctx->width, avctx->height, 0, avctx)) < 0)
return ret;
s->frame_buf = av_mallocz(avctx->width * avctx->height + AV_LZO_OUTPUT_PADDING);
if (!s->frame_buf)
return AVERROR(ENOMEM);