Commit 668494ac authored by Michael Niedermayer's avatar Michael Niedermayer

ffmpeg: add image size check to codec_get_buffer()

Fixes CVE-2011-3935

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: 's avatarMichael Niedermayer <michaelni@gmx.at>
parent 28d63471
...@@ -546,6 +546,9 @@ static int codec_get_buffer(AVCodecContext *s, AVFrame *frame) ...@@ -546,6 +546,9 @@ static int codec_get_buffer(AVCodecContext *s, AVFrame *frame)
FrameBuffer *buf; FrameBuffer *buf;
int ret, i; int ret, i;
if(av_image_check_size(s->width, s->height, 0, s))
return -1;
if (!ist->buffer_pool && (ret = alloc_buffer(s, ist, &ist->buffer_pool)) < 0) if (!ist->buffer_pool && (ret = alloc_buffer(s, ist, &ist->buffer_pool)) < 0)
return ret; return ret;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment