[FFmpeg-cvslog] vqavideodev: Check image dimensions
Michael Niedermayer
git at videolan.org
Thu May 3 01:02:32 CEST 2012
ffmpeg | branch: release/0.9 | Michael Niedermayer <michaelni at gmx.at> | Thu Mar 22 23:43:37 2012 +0100| [e70d202275bf93c6f0d480937a8230d45c343561] | committer: Michael Niedermayer
vqavideodev: Check image dimensions
Fixes out of heap array read
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 3583c8706df0abbfa3ecdd6730f4f3d72a01fe6d)
Independently-Found-by: Fabian Yamaguchi
Fixes: CVE-2012-0947
Conflicts:
libavcodec/vqavideo.c
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e70d202275bf93c6f0d480937a8230d45c343561
---
libavcodec/vqavideo.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/libavcodec/vqavideo.c b/libavcodec/vqavideo.c
index 917e04b..727354d 100644
--- a/libavcodec/vqavideo.c
+++ b/libavcodec/vqavideo.c
@@ -164,6 +164,11 @@ static av_cold int vqa_decode_init(AVCodecContext *avctx)
s->codebook = av_malloc(s->codebook_size);
s->next_codebook_buffer = av_malloc(s->codebook_size);
+ if (s->width % s->vector_width || s->height % s->vector_height) {
+ av_log(avctx, AV_LOG_ERROR, "Picture dimensions are not a multiple of the vector size\n");
+ return AVERROR_INVALIDDATA;
+ }
+
/* initialize the solid-color vectors */
if (s->vector_height == 4) {
codebook_index = 0xFF00 * 16;
More information about the ffmpeg-cvslog
mailing list