Commit 58236862 authored by Anton Khirnov's avatar Anton Khirnov

mpeg12: do not decode extradata more than once.

Fixes CVE-2012-2803.

CC: libav-stable@libav.org
parent c661cb66
...@@ -2456,8 +2456,9 @@ static int mpeg_decode_frame(AVCodecContext *avctx, ...@@ -2456,8 +2456,9 @@ static int mpeg_decode_frame(AVCodecContext *avctx,
s->slice_count = 0; s->slice_count = 0;
if (avctx->extradata && !avctx->frame_number) { if (avctx->extradata && !s->extradata_decoded) {
int ret = decode_chunks(avctx, picture, got_output, avctx->extradata, avctx->extradata_size); int ret = decode_chunks(avctx, picture, got_output, avctx->extradata, avctx->extradata_size);
s->extradata_decoded = 1;
if (ret < 0 && (avctx->err_recognition & AV_EF_EXPLODE)) if (ret < 0 && (avctx->err_recognition & AV_EF_EXPLODE))
return ret; return ret;
} }
......
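Review bot: `s->extradata_decoded = 1;` is set before `ret` is examined, so a failed extradata parse is never retried, and without `AV_EF_EXPLODE` the error is dropped with no log while decoding continues with whatever state `decode_chunks()` left behind. That ordering is what makes the one-shot guarantee hold, so it should be stated in a comment above the assignment, for example `/* mark consumed even on failure: extradata must never be parsed twice (CVE-2012-2803) */`. Because `picture` and `got_output` are passed into the extradata call, it is also worth confirming that extradata cannot set `*got_output`. If it can, clearing it after the call would be the safer behaviour, but `decode_chunks()` is not visible here. The body of `mpeg_decode_frame` starts and ends outside the hunk.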
...@@ -42,6 +42,7 @@ typedef struct Mpeg1Context { ...@@ -42,6 +42,7 @@ typedef struct Mpeg1Context {
AVRational frame_rate_ext; ///< MPEG-2 specific framerate modificator AVRational frame_rate_ext; ///< MPEG-2 specific framerate modificator
int sync; ///< Did we reach a sync point like a GOP/SEQ/KEYFrame? int sync; ///< Did we reach a sync point like a GOP/SEQ/KEYFrame?
int closed_gop; ///< GOP is closed int closed_gop; ///< GOP is closed
int extradata_decoded;
} Mpeg1Context; } Mpeg1Context;
extern uint8_t ff_mpeg12_static_rl_table_store[2][2][2*MAX_RUN + MAX_LEVEL + 3]; extern uint8_t ff_mpeg12_static_rl_table_store[2][2][2*MAX_RUN + MAX_LEVEL + 3];
......
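Review bot: The new `int extradata_decoded;` member is the only one of the visible fields without a Doxygen `///<` comment, and it is the field this security fix depends on. I would write it as `int extradata_decoded; ///< set once avctx->extradata has been parsed; never cleared afterwards`. The guard in `mpeg_decode_frame` presumably relies on the private context being zero-initialised when the codec is opened. That allocation is not visible on this page, so it should be confirmed, along with whether a flush or re-init path is expected to leave the flag set.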