• mss2: Fix buffer overflow. · 0f199f0a
    Reimar Döffinger authored
    Reported as https://trac.mplayerhq.hu/ticket/2264 but have
    not been able to reproduce with FFmpeg-only.
    I have no idea what coded_height is used for here exactly,
    so this might not be the best fix.
    Fixes the following chain of events:
    ff_mss12_decode_init sets coded_height while not setting height.
    ff_mpv_decode_init then copies coded_height into MpegEncContext height.
    This is then used by init_context_frame to allocate the data structures.
    However the wmv9rects are validated/initialized based on avctx->height, not
    avctx->coded_height.
    Thus the decode_wmv9 function will try to decode a larger video than we
    allocated data structures for, causing out-of-bounds writes.
    Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
Name
compat
doc
libavcodec
libavdevice
libavfilter
libavformat
libavresample
libavutil
libpostproc
libswresample
libswscale
presets
tests
tools
.gitattributes
.gitignore
.travis.yml
COPYING.GPLv2
COPYING.GPLv3
COPYING.LGPLv2.1
COPYING.LGPLv3
CREDITS
Changelog
INSTALL.md
LICENSE.md
MAINTAINERS
Makefile
README.md
RELEASE
arch.mak
cmdutils.c
cmdutils.h
cmdutils_common_opts.h
cmdutils_opencl.c
common.mak
configure
ffmpeg.c
ffmpeg.h
ffmpeg_dxva2.c
ffmpeg_filter.c
ffmpeg_opt.c
ffmpeg_qsv.c
ffmpeg_vdpau.c
ffmpeg_videotoolbox.c
ffplay.c
ffprobe.c
ffserver.c
ffserver_config.c
ffserver_config.h
library.mak
version.sh