[FFmpeg-cvslog] Update dimensions in AVCodecContext when RV3/4 frame dimensions change
Kostya Shishkov
git
Fri Feb 11 04:00:41 CET 2011
ffmpeg | branch: release/0.5 | Kostya Shishkov <kostya.shishkov at gmail.com> | Sun Nov 22 07:48:35 2009 +0000| [44511b17cbbb524602c91a198e7314fa57a7062a] | committer: Reinhard Tartler
Update dimensions in AVCodecContext when RV3/4 frame dimensions change
Originally committed as revision 20572 to svn://svn.ffmpeg.org/ffmpeg/trunk
(cherry picked from commit ec10d2d53999f6edf7d7b5ac88df263eccfb1fb0)
Fixes heap corruption crashes
Addresses: CVE-2011-0722
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=44511b17cbbb524602c91a198e7314fa57a7062a
---
libavcodec/rv34.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/rv34.c b/libavcodec/rv34.c
index c227707..9fe3919 100644
--- a/libavcodec/rv34.c
+++ b/libavcodec/rv34.c
@@ -1247,8 +1247,8 @@ static int rv34_decode_slice(RV34DecContext *r, int end, const uint8_t* buf, int
if(s->width != r->si.width || s->height != r->si.height){
av_log(s->avctx, AV_LOG_DEBUG, "Changing dimensions to %dx%d\n", r->si.width,r->si.height);
MPV_common_end(s);
- s->width = r->si.width;
- s->height = r->si.height;
+ s->width = s->avctx->width = r->si.width;
+ s->height = s->avctx->height = r->si.height;
if(MPV_common_init(s) < 0)
return -1;
r->intra_types_hist = av_realloc(r->intra_types_hist, s->b4_stride * 4 * 2 * sizeof(*r->intra_types_hist));
More information about the ffmpeg-cvslog
mailing list