[FFmpeg-cvslog] h263dec: Disallow width/height changing with frame threads.

Michael Niedermayer git at videolan.org
Mon Jun 4 13:13:41 CEST 2012


ffmpeg | branch: release/0.7 | Michael Niedermayer <michaelni at gmx.at> | Fri Feb 17 13:35:10 2012 -0800| [3313f31f012a434a7c7aac6cb2c554d5cbac88fc] | committer: Reinhard Tartler

h263dec: Disallow width/height changing with frame threads.

Fixes CVE-2011-3937

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 71db86d53b5c6872cea31bf714a1a38ec78feaba)

Conflicts:

	libavcodec/h263dec.c

Signed-off-by: Alex Converse <alex.converse at gmail.com>
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
(cherry picked from commit 4be63587e110c05cda3101abf2e3745d919f3fae)

Conflicts:

	libavcodec/h263dec.c

Signed-off-by: Reinhard Tartler <siretart at tauware.de>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3313f31f012a434a7c7aac6cb2c554d5cbac88fc
---

 libavcodec/h263dec.c |    5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/h263dec.c b/libavcodec/h263dec.c
index 021e172..15fc724 100644
--- a/libavcodec/h263dec.c
+++ b/libavcodec/h263dec.c
@@ -574,6 +574,11 @@ retry:
         /* H.263 could change picture size any time */
         ParseContext pc= s->parse_context; //FIXME move these demuxng hack to avformat
 
+        if (HAVE_THREADS && (s->avctx->active_thread_type&FF_THREAD_FRAME)) {
+            av_log_missing_feature(s->avctx, "Width/height/bit depth/chroma idc changing with threads is", 0);
+            return -1;   // width / height changed during parallelized decoding
+        }
+
         s->parse_context.buffer=0;
         MPV_common_end(s);
         s->parse_context= pc;



More information about the ffmpeg-cvslog mailing list