Make sure the block array is of the correct size.

This might have been exploitable. Originally committed as revision 18393 to svn://svn.ffmpeg.org/ffmpeg/trunk
author: Michael Niedermayer <michaelni@gmx.at> 2009-04-09 18:47:50 +0000
committer: Michael Niedermayer <michaelni@gmx.at> 2009-04-09 18:47:50 +0000
commit: dc7f45a08e9f0a3f983b0fd5ce972fa4acc905ed (patch)
tree: 8d5f2bb93b9a04cb0f5273ae64c28dff47c20dd6 /libavcodec/snow.c
parent: bc4350a333f6eafab046922fd5e42ab8759a4a04 (diff)
download: ffmpeg-dc7f45a08e9f0a3f983b0fd5ce972fa4acc905ed.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/libavcodec/snow.c b/libavcodec/snow.c
index a6718f8d39..d246b9abf2 100644
--- a/libavcodec/snow.c
+++ b/libavcodec/snow.c
@@ -1626,6 +1626,7 @@ static int alloc_blocks(SnowContext *s){
     s->b_width = w;
     s->b_height= h;
 
+    av_free(s->block);
     s->block= av_mallocz(w * h * sizeof(BlockNode) << (s->block_max_depth*2));
     return 0;
 }
@@ -4517,7 +4518,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac
                                               && p->hcoeff[2]==2;
     }
 
-    if(!s->block) alloc_blocks(s);
+    alloc_blocks(s);
 
     frame_start(s);
     //keyframe flag duplication mess FIXME
author	Michael Niedermayer <michaelni@gmx.at>	2009-04-09 18:47:50 +0000
committer	Michael Niedermayer <michaelni@gmx.at>	2009-04-09 18:47:50 +0000
commit	dc7f45a08e9f0a3f983b0fd5ce972fa4acc905ed (patch)
tree	8d5f2bb93b9a04cb0f5273ae64c28dff47c20dd6 /libavcodec/snow.c
parent	bc4350a333f6eafab046922fd5e42ab8759a4a04 (diff)
download	ffmpeg-dc7f45a08e9f0a3f983b0fd5ce972fa4acc905ed.tar.gz