[FFmpeg-devel] [PATCH 1/4] dpx: perform width/height upgrade and av_image_check_size earlier to prevent segfault on malformed input

Reimar Döffinger Reimar.Doeffinger at gmx.de
Sun Nov 25 09:20:04 CET 2012



On 25 Nov 2012, at 03:19, Peter Ross <pross at xvid.org> wrote:

> Signed-off-by: Peter Ross <pross at xvid.org>
> ---
> libavcodec/dpx.c | 9 +++++----
> 1 file changed, 5 insertions(+), 4 deletions(-)
> 
> diff --git a/libavcodec/dpx.c b/libavcodec/dpx.c
> index bfc88b6..ba507d5 100644
> --- a/libavcodec/dpx.c
> +++ b/libavcodec/dpx.c
> @@ -105,6 +105,11 @@ static int decode_frame(AVCodecContext *avctx,
>     w = read32(&buf, endian);
>     h = read32(&buf, endian);
> 
> +    if (w != avctx->width || h != avctx->height)
> +        avcodec_set_dimensions(avctx, w, h);
> +    if (av_image_check_size(avctx->width, avctx->height, 0, avctx))
> +        return AVERROR(EINVAL);

That seems risky to me, I think the values should first be verified and only then set in the context.
I guess it might mean you'll have to duplicate the check though.


More information about the ffmpeg-devel mailing list