dfa: check that the caller set width/height properly.

Fixes CVE-2012-2786.

dfa: check that the caller set width/height properly.
Fixes CVE-2012-2786.
ee715f49 · Anton Khirnov · 89191843 · ee715f49
Commit ee715f49 authored Sep 28, 2012 by Anton Khirnov
Show whitespace changes
Inline Side-by-side

Showing with 6 additions and 0 deletions

dfa.c libavcodec/dfa.c +6 -0

No files found.
--- a/libavcodec/dfa.c
+++ b/libavcodec/dfa.c
@@ -22,6 +22,8 @@

 #include "avcodec.h"
 #include "bytestream.h"
+
+#include "libavutil/imgutils.h"
 #include "libavutil/lzo.h" // for av_memcpy_backptr

 typedef struct DfaContext {
@@ -34,9 +36,13 @@ typedef struct DfaContext {
 static av_cold int dfa_decode_init(AVCodecContext *avctx)
 {
    DfaContext *s = avctx->priv_data;
+    int ret;

    avctx->pix_fmt = PIX_FMT_PAL8;

+    if ((ret = av_image_check_size(avctx->width, avctx->height, 0, avctx)) < 0)
+        return ret;
+
    s->frame_buf = av_mallocz(avctx->width * avctx->height + AV_LZO_OUTPUT_PADDING);
    if (!s->frame_buf)
        return AVERROR(ENOMEM);