[FFmpeg-cvslog] rv20: prevent calling ff_h263_decode_mba() with unset height/width
Janne Grunau
git at videolan.org
Thu Jan 26 03:20:22 CET 2012
ffmpeg | branch: master | Janne Grunau <janne-libav at jannau.net> | Tue Jan 24 21:50:50 2012 +0100| [c3e10ae4127c998b809066926a410f40ebd47593] | committer: Janne Grunau
rv20: prevent calling ff_h263_decode_mba() with unset height/width
Prevents a crash of VLC during playback of a invalid matroska file,
found by John Villamil <johnv at matasano.com>.
CC: libav-stable at libav.org
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c3e10ae4127c998b809066926a410f40ebd47593
---
libavcodec/rv10.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/libavcodec/rv10.c b/libavcodec/rv10.c
index 9f2fe77..1d7fd6b 100644
--- a/libavcodec/rv10.c
+++ b/libavcodec/rv10.c
@@ -362,7 +362,8 @@ static int rv20_decode_picture_header(MpegEncContext *s)
if(s->avctx->debug & FF_DEBUG_PICT_INFO){
av_log(s->avctx, AV_LOG_DEBUG, "F %d/%d\n", f, rpr_bits);
}
- }
+ } else if (av_image_check_size(s->width, s->height, 0, s->avctx) < 0)
+ return AVERROR_INVALIDDATA;
mb_pos = ff_h263_decode_mba(s);
More information about the ffmpeg-cvslog
mailing list