[FFmpeg-cvslog] svq1dec: check that the reference frame has the same dimensions as the current one
Anton Khirnov
git at videolan.org
Wed Apr 17 15:42:08 CEST 2013
ffmpeg | branch: master | Anton Khirnov <anton at khirnov.net> | Mon Apr 8 22:12:12 2013 +0200| [b1bb8fb860b47e90dd67f0c5740698128fc82dcc] | committer: Anton Khirnov
svq1dec: check that the reference frame has the same dimensions as the current one
They can be different if the last keyframe failed to decode correctly.
Fixes possible invalid reads in such a case.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable at libav.org
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b1bb8fb860b47e90dd67f0c5740698128fc82dcc
---
libavcodec/svq1dec.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libavcodec/svq1dec.c b/libavcodec/svq1dec.c
index d9e6f7e..156b960 100644
--- a/libavcodec/svq1dec.c
+++ b/libavcodec/svq1dec.c
@@ -689,7 +689,8 @@ static int svq1_decode_frame(AVCodecContext *avctx, void *data,
} else {
/* delta frame */
uint8_t *previous = s->prev->data[i];
- if (!previous) {
+ if (!previous ||
+ s->prev->width != s->width || s->prev->height != s->height) {
av_log(avctx, AV_LOG_ERROR, "Missing reference frame.\n");
result = AVERROR_INVALIDDATA;
goto err;
More information about the ffmpeg-cvslog
mailing list