[FFmpeg-cvslog] Update safety check as the maximum pixel size is no longer 4.
Michael Niedermayer
git
Fri Feb 11 04:00:40 CET 2011
ffmpeg | branch: release/0.5 | Michael Niedermayer <michaelni at gmx.at> | Wed Apr 22 01:54:05 2009 +0000| [48b086b0efa40799ace96bcec010b6b72a9490d6] | committer: Reinhard Tartler
Update safety check as the maximum pixel size is no longer 4.
New max size is 16bit * 4 samples (RGBA).
Originally committed as revision 18655 to svn://svn.ffmpeg.org/ffmpeg/trunk
(cherry picked from commit 445f0a8b666a34e6402f6ae96c6804c8bc024baa)
Addresses: CVE-2010-3908
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=48b086b0efa40799ace96bcec010b6b72a9490d6
---
libavcodec/utils.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index f628774..acfafa1 100644
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -189,7 +189,7 @@ void avcodec_align_dimensions(AVCodecContext *s, int *width, int *height){
}
int avcodec_check_dimensions(void *av_log_ctx, unsigned int w, unsigned int h){
- if((int)w>0 && (int)h>0 && (w+128)*(uint64_t)(h+128) < INT_MAX/4)
+ if((int)w>0 && (int)h>0 && (w+128)*(uint64_t)(h+128) < INT_MAX/8)
return 0;
av_log(av_log_ctx, AV_LOG_ERROR, "picture size invalid (%ux%u)\n", w, h);
More information about the ffmpeg-cvslog
mailing list