[FFmpeg-cvslog] mpeg12: do not decode extradata more than once.

Thu Feb 14 14:19:38 CET 2013

ffmpeg | branch: release/0.8 | Anton Khirnov <anton at khirnov.net> | Thu Dec 13 17:53:31 2012 +0100| [301761792a693a1f3303a2af34a0fb066a03c10c] | committer: Reinhard Tartler

mpeg12: do not decode extradata more than once.

Fixes CVE-2012-2803.

(cherry picked from commit 582368626188c070d4300913c6da5efa4c24cfb2)

Conflicts:

	libavcodec/mpeg12.c
	libavcodec/mpeg12.h

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=301761792a693a1f3303a2af34a0fb066a03c10c
---

 libavcodec/mpeg12.c |    5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/libavcodec/mpeg12.c b/libavcodec/mpeg12.c
index 03c95c1..047c38f 100644
--- a/libavcodec/mpeg12.c
+++ b/libavcodec/mpeg12.c
@@ -1147,6 +1147,7 @@ typedef struct Mpeg1Context {
     int save_width, save_height, save_progressive_seq;
     AVRational frame_rate_ext;       ///< MPEG-2 specific framerate modificator
     int sync;                        ///< Did we reach a sync point like a GOP/SEQ/KEYFrame?
+    int extradata_decoded;
 } Mpeg1Context;
 
 static av_cold int mpeg_decode_init(AVCodecContext *avctx)
@@ -2279,8 +2280,10 @@ static int mpeg_decode_frame(AVCodecContext *avctx,
 
     s->slice_count= 0;
 
-    if(avctx->extradata && !avctx->frame_number)
+    if (avctx->extradata && !s->extradata_decoded) {
         decode_chunks(avctx, picture, data_size, avctx->extradata, avctx->extradata_size);
+        s->extradata_decoded = 1;
+    }
 
     return decode_chunks(avctx, picture, data_size, buf, buf_size);
 }

