[FFmpeg-cvslog] mpeg12: do not decode extradata more than once.
Anton Khirnov
git at videolan.org
Thu Jan 17 02:04:33 CET 2013
ffmpeg | branch: release/0.10 | Anton Khirnov <anton at khirnov.net> | Thu Dec 13 17:53:31 2012 +0100| [56c1e18a5225f2737f91e6028f114f56d7ca802a] | committer: Reinhard Tartler
mpeg12: do not decode extradata more than once.
Fixes CVE-2012-2803.
CC: libav-stable at libav.org
(cherry picked from commit 582368626188c070d4300913c6da5efa4c24cfb2)
Conflicts:
libavcodec/mpeg12.c
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=56c1e18a5225f2737f91e6028f114f56d7ca802a
---
libavcodec/mpeg12.c | 3 ++-
libavcodec/mpeg12.h | 1 +
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/libavcodec/mpeg12.c b/libavcodec/mpeg12.c
index 65dfe47..436b4cf 100644
--- a/libavcodec/mpeg12.c
+++ b/libavcodec/mpeg12.c
@@ -2223,8 +2223,9 @@ static int mpeg_decode_frame(AVCodecContext *avctx,
s->slice_count = 0;
- if (avctx->extradata && !avctx->frame_number) {
+ if (avctx->extradata && !s->extradata_decoded) {
int ret = decode_chunks(avctx, picture, data_size, avctx->extradata, avctx->extradata_size);
+ s->extradata_decoded = 1;
if (ret < 0 && (avctx->err_recognition & AV_EF_EXPLODE))
return ret;
}
diff --git a/libavcodec/mpeg12.h b/libavcodec/mpeg12.h
index ab0352f..0f9faaf 100644
--- a/libavcodec/mpeg12.h
+++ b/libavcodec/mpeg12.h
@@ -42,6 +42,7 @@ typedef struct Mpeg1Context {
AVRational frame_rate_ext; ///< MPEG-2 specific framerate modificator
int sync; ///< Did we reach a sync point like a GOP/SEQ/KEYFrame?
int closed_gop; ///< GOP is closed
+ int extradata_decoded;
} Mpeg1Context;
extern uint8_t ff_mpeg12_static_rl_table_store[2][2][2*MAX_RUN + MAX_LEVEL + 3];
More information about the ffmpeg-cvslog
mailing list