[FFmpeg-devel] [PATCH 1/4] dpx: perform width/height upgrade and av_image_check_size earlier to prevent segfault on malformed input
Reimar Döffinger
Reimar.Doeffinger at gmx.de
Sun Nov 25 09:20:04 CET 2012
On 25 Nov 2012, at 03:19, Peter Ross <pross at xvid.org> wrote:
> Signed-off-by: Peter Ross <pross at xvid.org>
> ---
> libavcodec/dpx.c | 9 +++++----
> 1 file changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/libavcodec/dpx.c b/libavcodec/dpx.c
> index bfc88b6..ba507d5 100644
> --- a/libavcodec/dpx.c
> +++ b/libavcodec/dpx.c
> @@ -105,6 +105,11 @@ static int decode_frame(AVCodecContext *avctx,
> w = read32(&buf, endian);
> h = read32(&buf, endian);
>
> + if (w != avctx->width || h != avctx->height)
> + avcodec_set_dimensions(avctx, w, h);
> + if (av_image_check_size(avctx->width, avctx->height, 0, avctx))
> + return AVERROR(EINVAL);
That seems risky to me, I think the values should first be verified and only then set in the context.
I guess it might mean you'll have to duplicate the check though.
More information about the ffmpeg-devel
mailing list