diff options
| author | Luca Barbato <lu_zero@gentoo.org> | 2014-08-04 14:15:45 +0200 |
|---|---|---|
| committer | Luca Barbato <lu_zero@gentoo.org> | 2014-08-04 14:15:45 +0200 |
| commit | 146b187113e3cc20c2a97c5f264da13e701ca247 (patch) | |
| tree | 787c4efc1c2f6a1725252dcb0e5ab49267ef8c4a | |
| parent | 43d676432740c6d5e5234ed343f13902909fd124 (diff) | |
| download | ffmpeg-146b187113e3cc20c2a97c5f264da13e701ca247.tar.gz | |
lavc: Check the image size before calling get_buffer
Bug-Id: CVE-2011-3935
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
| -rw-r--r-- | libavcodec/utils.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/libavcodec/utils.c b/libavcodec/utils.c index 19c8a99ff5..42be6450af 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -465,6 +465,8 @@ int ff_get_buffer(AVCodecContext *avctx, AVFrame *frame) { switch (avctx->codec_type) { case AVMEDIA_TYPE_VIDEO: + if (av_image_check_size(avctx->width, avctx->height, 0, avctx)) + return AVERROR_INVALIDDATA; frame->width = avctx->width; frame->height = avctx->height; frame->format = avctx->pix_fmt; |