summaryrefslogtreecommitdiff
path: root/libavcodec/dfa.c
diff options
context:
space:
mode:
authorAnton Khirnov <anton@khirnov.net>2012-09-28 14:47:56 +0200
committerAnton Khirnov <anton@khirnov.net>2012-09-29 09:27:08 +0200
commitee715f49a06bf3898246d01b056284a9bb1bcbb9 (patch)
treeffd9d864a06ea102f1b41e5947fd0c8733383a7f /libavcodec/dfa.c
parent891918431db628db17885ed947ee387b29826a64 (diff)
downloadffmpeg-ee715f49a06bf3898246d01b056284a9bb1bcbb9.tar.gz
dfa: check that the caller set width/height properly.
Fixes CVE-2012-2786.
Diffstat (limited to 'libavcodec/dfa.c')
-rw-r--r--libavcodec/dfa.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/libavcodec/dfa.c b/libavcodec/dfa.c
index 5beae7f1a4..c6f09c89a7 100644
--- a/libavcodec/dfa.c
+++ b/libavcodec/dfa.c
@@ -22,6 +22,8 @@
#include "avcodec.h"
#include "bytestream.h"
+
+#include "libavutil/imgutils.h"
#include "libavutil/lzo.h" // for av_memcpy_backptr
typedef struct DfaContext {
@@ -34,9 +36,13 @@ typedef struct DfaContext {
static av_cold int dfa_decode_init(AVCodecContext *avctx)
{
DfaContext *s = avctx->priv_data;
+ int ret;
avctx->pix_fmt = PIX_FMT_PAL8;
+ if ((ret = av_image_check_size(avctx->width, avctx->height, 0, avctx)) < 0)
+ return ret;
+
s->frame_buf = av_mallocz(avctx->width * avctx->height + AV_LZO_OUTPUT_PADDING);
if (!s->frame_buf)
return AVERROR(ENOMEM);