From 0f980302902a7db35253bff282d05d739d7ed6e5 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 8 May 2017 14:43:03 +0200 Subject: avcodec/webp: Update canvas size in vp8_lossy_decode_frame() as in vp8_lossless_decode_frame() Fixes: 1407/clusterfuzz-testcase-minimized-6044604124102656 Fixes: 1420/clusterfuzz-testcase-minimized-6059927359455232 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 72810d20b74f05cc4b214d6c277fa6f43160df54) Signed-off-by: Michael Niedermayer --- libavcodec/webp.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'libavcodec/webp.c') diff --git a/libavcodec/webp.c b/libavcodec/webp.c index 3fef45603c..ef7b26c4c8 100644 --- a/libavcodec/webp.c +++ b/libavcodec/webp.c @@ -1350,6 +1350,9 @@ static int vp8_lossy_decode_frame(AVCodecContext *avctx, AVFrame *p, ret = ff_vp8_decode_frame(avctx, p, got_frame, &pkt); if (ret < 0) return ret; + + update_canvas_size(avctx, avctx->width, avctx->height); + if (s->has_alpha) { ret = vp8_lossy_decode_alpha(avctx, p, s->alpha_data, s->alpha_data_size); -- cgit v1.2.1