svq1dec: check that the reference frame matches in size before using it.

Fixes out of array reads Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

svq1dec: check that the reference frame matches in size before using it.
Fixes out of array reads Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
3b57bb47 · Michael Niedermayer · dbf0a905 · 3b57bb47
Commit 3b57bb47 authored Jan 07, 2013 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

svq1dec.c libavcodec/svq1dec.c +1 -1

No files found.
--- a/libavcodec/svq1dec.c
+++ b/libavcodec/svq1dec.c
@@ -692,7 +692,7 @@ static int svq1_decode_frame(AVCodecContext *avctx, void *data,
        } else {
            /* delta frame */
            uint8_t *previous = s->prev->data[i];
-            if (!previous) {
+            if (!previous || s->prev->width != s->cur->width || s->prev->height != s->cur->height) {
                av_log(avctx, AV_LOG_ERROR, "Missing reference frame.\n");
                result = AVERROR_INVALIDDATA;
                goto err;