[FFmpeg-cvslog] dpx: perform width/ height upgrade and av_image_check_size earlier to prevent segfault on malformed input
Peter Ross
git at videolan.org
Mon Nov 26 13:14:37 CET 2012
ffmpeg | branch: master | Peter Ross <pross at xvid.org> | Mon Nov 26 22:45:07 2012 +1100| [f2dc82b90ffe4191ea5f207e6b3ffc473e093f65] | committer: Paul B Mahol
dpx: perform width/height upgrade and av_image_check_size earlier to prevent segfault on malformed input
Signed-off-by: Peter Ross <pross at xvid.org>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f2dc82b90ffe4191ea5f207e6b3ffc473e093f65
---
libavcodec/dpx.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/libavcodec/dpx.c b/libavcodec/dpx.c
index bfc88b6..4d09efe 100644
--- a/libavcodec/dpx.c
+++ b/libavcodec/dpx.c
@@ -104,6 +104,11 @@ static int decode_frame(AVCodecContext *avctx,
buf = avpkt->data + 0x304;
w = read32(&buf, endian);
h = read32(&buf, endian);
+ if (av_image_check_size(w, h, 0, avctx))
+ return AVERROR(EINVAL);
+
+ if (w != avctx->width || h != avctx->height)
+ avcodec_set_dimensions(avctx, w, h);
// Need to end in 0x320 to read the descriptor
buf += 20;
@@ -182,10 +187,6 @@ static int decode_frame(AVCodecContext *avctx,
if (s->picture.data[0])
avctx->release_buffer(avctx, &s->picture);
- if (av_image_check_size(w, h, 0, avctx))
- return -1;
- if (w != avctx->width || h != avctx->height)
- avcodec_set_dimensions(avctx, w, h);
if (avctx->get_buffer(avctx, p) < 0) {
av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n");
return -1;
More information about the ffmpeg-cvslog
mailing list