[FFmpeg-cvslog] avcodec/hnm4video: check dimensions for validity
Michael Niedermayer
git at videolan.org
Sat Nov 23 01:18:21 CET 2013
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Fri Nov 22 23:11:20 2013 +0100| [bd8d28e2d2713f0368ee6b7dbb5ec251cbc162ac] | committer: Michael Niedermayer
avcodec/hnm4video: check dimensions for validity
Fixes out of array read
Fixes: asan_heap-oob_e76e18_1244_CASSE.HNM
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bd8d28e2d2713f0368ee6b7dbb5ec251cbc162ac
---
libavcodec/hnm4video.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libavcodec/hnm4video.c b/libavcodec/hnm4video.c
index 678d283..f394032 100644
--- a/libavcodec/hnm4video.c
+++ b/libavcodec/hnm4video.c
@@ -453,7 +453,9 @@ static av_cold int hnm_decode_init(AVCodecContext *avctx)
hnm->buffer2 = av_mallocz(avctx->width * avctx->height);
hnm->processed = av_mallocz(avctx->width * avctx->height);
- if (!hnm->buffer1 || !hnm->buffer2 || !hnm->processed) {
+ if ( !hnm->buffer1 || !hnm->buffer2 || !hnm->processed
+ || avctx->width * avctx->height == 0
+ || avctx->height % 2) {
av_log(avctx, AV_LOG_ERROR, "av_mallocz() failed\n");
av_freep(&hnm->buffer1);
av_freep(&hnm->buffer2);
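Review bot: The new conditions `avctx->width * avctx->height == 0` and `avctx->height % 2` are folded into the allocation-failure branch, so a file with invalid dimensions is logged as "av_mallocz() failed", which misreports the cause. I would test the dimensions in their own `if` ahead of the `av_mallocz()` calls, with a message that names the rejected width and height, so nothing is allocated and then freed for input that is going to be refused anyway. Separately, the product `avctx->width * avctx->height` is computed in `int` both in the allocations and in the new check, and the check only rejects a zero product and an odd height; large or negative dimensions are not covered by the visible lines, so a bounds check on each dimension (for example through `av_image_check_size()`) before multiplying would make the size passed to `av_mallocz()` trustworthy.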