Make sure the block array is of the correct size.

This might have been exploitable. Originally committed as revision 18393 to svn://svn.ffmpeg.org/ffmpeg/trunk

Make sure the block array is of the correct size.
This might have been exploitable. Originally committed as revision 18393 to svn://svn.ffmpeg.org/ffmpeg/trunk
dc7f45a0 · Michael Niedermayer · bc4350a3 · dc7f45a0
Commit dc7f45a0 authored Apr 09, 2009 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

snow.c libavcodec/snow.c +2 -1

No files found.
--- a/libavcodec/snow.c
+++ b/libavcodec/snow.c
@@ -1626,6 +1626,7 @@ static int alloc_blocks(SnowContext *s){
    s->b_width = w;
    s->b_height= h;

+    av_free(s->block);
    s->block= av_mallocz(w * h * sizeof(BlockNode) << (s->block_max_depth*2));
    return 0;
 }
@@ -4517,7 +4518,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac
                                              && p->hcoeff[2]==2;
    }

-    if(!s->block) alloc_blocks(s);
+    alloc_blocks(s);

    frame_start(s);
    //keyframe flag duplication mess FIXME