svq1dec: check that the reference frame has the same dimensions as the current one

They can be different if the last keyframe failed to decode correctly. Fixes possible invalid reads in such a case. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC:libav-stable@libav.org

svq1dec: check that the reference frame has the same dimensions as the current one
They can be different if the last keyframe failed to decode correctly. Fixes possible invalid reads in such a case. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC:libav-stable@libav.org
b1bb8fb8 · Anton Khirnov · c0771a1a · b1bb8fb8
Commit b1bb8fb8 authored Apr 08, 2013 by Anton Khirnov
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

svq1dec.c libavcodec/svq1dec.c +2 -1

No files found.
--- a/libavcodec/svq1dec.c
+++ b/libavcodec/svq1dec.c
@@ -689,7 +689,8 @@ static int svq1_decode_frame(AVCodecContext *avctx, void *data,
        } else {
            /* delta frame */
            uint8_t *previous = s->prev->data[i];
-            if (!previous) {
+            if (!previous ||
+                s->prev->width != s->width || s->prev->height != s->height) {
                av_log(avctx, AV_LOG_ERROR, "Missing reference frame.\n");
                result = AVERROR_INVALIDDATA;
                goto err;