[FFmpeg-cvslog] svq1dec: check that the reference frame matches in size before using it.
Michael Niedermayer
git at videolan.org
Tue Jan 8 00:32:49 CET 2013
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Mon Jan 7 23:42:35 2013 +0100| [3b57bb478ff4455773378355e285877d757e151e] | committer: Michael Niedermayer
svq1dec: check that the reference frame matches in size before using it.
Fixes out of array reads
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3b57bb478ff4455773378355e285877d757e151e
---
libavcodec/svq1dec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/svq1dec.c b/libavcodec/svq1dec.c
index 187522c..5735683 100644
--- a/libavcodec/svq1dec.c
+++ b/libavcodec/svq1dec.c
@@ -692,7 +692,7 @@ static int svq1_decode_frame(AVCodecContext *avctx, void *data,
} else {
/* delta frame */
uint8_t *previous = s->prev->data[i];
- if (!previous) {
+ if (!previous || s->prev->width != s->cur->width || s->prev->height != s->cur->height) {
av_log(avctx, AV_LOG_ERROR, "Missing reference frame.\n");
result = AVERROR_INVALIDDATA;
goto err;
More information about the ffmpeg-cvslog
mailing list