[FFmpeg-cvslog] lavc: Check the image size before calling get_buffer
Luca Barbato
git at videolan.org
Fri Aug 8 15:02:38 CEST 2014
ffmpeg | branch: release/1.1 | Luca Barbato <lu_zero at gentoo.org> | Mon Aug 4 14:15:45 2014 +0200| [146b187113e3cc20c2a97c5f264da13e701ca247] | committer: Luca Barbato
lavc: Check the image size before calling get_buffer
Bug-Id: CVE-2011-3935
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=146b187113e3cc20c2a97c5f264da13e701ca247
---
libavcodec/utils.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index 19c8a99..42be645 100644
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -465,6 +465,8 @@ int ff_get_buffer(AVCodecContext *avctx, AVFrame *frame)
{
switch (avctx->codec_type) {
case AVMEDIA_TYPE_VIDEO:
+ if (av_image_check_size(avctx->width, avctx->height, 0, avctx))
+ return AVERROR_INVALIDDATA;
frame->width = avctx->width;
frame->height = avctx->height;
frame->format = avctx->pix_fmt;
More information about the ffmpeg-cvslog
mailing list