[FFmpeg-cvslog] Update safety check as the maximum pixel size is no longer 4.

Michael Niedermayer git
Fri Feb 11 04:00:40 CET 2011


ffmpeg | branch: release/0.5 | Michael Niedermayer <michaelni at gmx.at> | Wed Apr 22 01:54:05 2009 +0000| [48b086b0efa40799ace96bcec010b6b72a9490d6] | committer: Reinhard Tartler

Update safety check as the maximum pixel size is no longer 4.
New max size is 16bit * 4 samples (RGBA).

Originally committed as revision 18655 to svn://svn.ffmpeg.org/ffmpeg/trunk
(cherry picked from commit 445f0a8b666a34e6402f6ae96c6804c8bc024baa)

Addresses: CVE-2010-3908
Signed-off-by: Reinhard Tartler <siretart at tauware.de>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=48b086b0efa40799ace96bcec010b6b72a9490d6
---

 libavcodec/utils.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index f628774..acfafa1 100644
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -189,7 +189,7 @@ void avcodec_align_dimensions(AVCodecContext *s, int *width, int *height){
 }
 
 int avcodec_check_dimensions(void *av_log_ctx, unsigned int w, unsigned int h){
-    if((int)w>0 && (int)h>0 && (w+128)*(uint64_t)(h+128) < INT_MAX/4)
+    if((int)w>0 && (int)h>0 && (w+128)*(uint64_t)(h+128) < INT_MAX/8)
         return 0;
 
     av_log(av_log_ctx, AV_LOG_ERROR, "picture size invalid (%ux%u)\n", w, h);




More information about the ffmpeg-cvslog mailing list