[FFmpeg-cvslog] svq1dec: check that the reference frame matches in size before using it.

Michael Niedermayer git at videolan.org
Tue Jan 8 00:32:49 CET 2013


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Mon Jan  7 23:42:35 2013 +0100| [3b57bb478ff4455773378355e285877d757e151e] | committer: Michael Niedermayer

svq1dec: check that the reference frame matches in size before using it.

Fixes out of array reads

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3b57bb478ff4455773378355e285877d757e151e
---

 libavcodec/svq1dec.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/svq1dec.c b/libavcodec/svq1dec.c
index 187522c..5735683 100644
--- a/libavcodec/svq1dec.c
+++ b/libavcodec/svq1dec.c
@@ -692,7 +692,7 @@ static int svq1_decode_frame(AVCodecContext *avctx, void *data,
         } else {
             /* delta frame */
             uint8_t *previous = s->prev->data[i];
-            if (!previous) {
+            if (!previous || s->prev->width != s->cur->width || s->prev->height != s->cur->height) {
                 av_log(avctx, AV_LOG_ERROR, "Missing reference frame.\n");
                 result = AVERROR_INVALIDDATA;
                 goto err;



More information about the ffmpeg-cvslog mailing list