[FFmpeg-cvslog] h263dec: Disallow width/height changing with frame threads.
Michael Niedermayer
git at videolan.org
Mon Jun 4 13:45:12 CEST 2012
ffmpeg | branch: release/0.10 | Michael Niedermayer <michaelni at gmx.at> | Fri Feb 17 13:35:10 2012 -0800| [58361100188a1f80bcd9b6c58a4ce588032da1ad] | committer: Reinhard Tartler
h263dec: Disallow width/height changing with frame threads.
Fixes CVE-2011-3937
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 71db86d53b5c6872cea31bf714a1a38ec78feaba)
Conflicts:
libavcodec/h263dec.c
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=58361100188a1f80bcd9b6c58a4ce588032da1ad
---
libavcodec/h263dec.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/libavcodec/h263dec.c b/libavcodec/h263dec.c
index 7f0934a..1ddca19 100644
--- a/libavcodec/h263dec.c
+++ b/libavcodec/h263dec.c
@@ -578,6 +578,11 @@ retry:
/* H.263 could change picture size any time */
ParseContext pc= s->parse_context; //FIXME move these demuxng hack to avformat
+ if (HAVE_THREADS && (s->avctx->active_thread_type&FF_THREAD_FRAME)) {
+ av_log_missing_feature(s->avctx, "Width/height/bit depth/chroma idc changing with threads is", 0);
+ return -1; // width / height changed during parallelized decoding
+ }
+
s->parse_context.buffer=0;
MPV_common_end(s);
s->parse_context= pc;
More information about the ffmpeg-cvslog
mailing list