[FFmpeg-cvslog] avcodec/ivi: Use av_image_check_size2()

Michael Niedermayer git at videolan.org
Thu Jul 13 04:05:18 EEST 2017


ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Wed Jul 12 20:31:24 2017 +0200| [a82468514048fb87d9bf38689866bc3b9aaccd02] | committer: Michael Niedermayer

avcodec/ivi: Use av_image_check_size2()

Fixes OOM
Fixes: 1514/clusterfuzz-testcase-minimized-6437666243477504

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a82468514048fb87d9bf38689866bc3b9aaccd02
---

 libavcodec/indeo4.c | 2 +-
 libavcodec/indeo5.c | 4 ++--
 libavcodec/ivi.c    | 4 ++--
 libavcodec/ivi.h    | 4 ++--
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/libavcodec/indeo4.c b/libavcodec/indeo4.c
index 85d5fa3e7a..a3562f6fd8 100644
--- a/libavcodec/indeo4.c
+++ b/libavcodec/indeo4.c
@@ -187,7 +187,7 @@ static int decode_pic_hdr(IVI45DecContext *ctx, AVCodecContext *avctx)
 
     /* check if picture layout was changed and reallocate buffers */
     if (ivi_pic_config_cmp(&pic_conf, &ctx->pic_conf)) {
-        if (ff_ivi_init_planes(ctx->planes, &pic_conf, 1)) {
+        if (ff_ivi_init_planes(avctx, ctx->planes, &pic_conf, 1)) {
             av_log(avctx, AV_LOG_ERROR, "Couldn't reallocate color planes!\n");
             ctx->pic_conf.luma_bands = 0;
             return AVERROR(ENOMEM);
diff --git a/libavcodec/indeo5.c b/libavcodec/indeo5.c
index 5f931c8b98..81b4514038 100644
--- a/libavcodec/indeo5.c
+++ b/libavcodec/indeo5.c
@@ -113,7 +113,7 @@ static int decode_gop_header(IVI45DecContext *ctx, AVCodecContext *avctx)
 
     /* check if picture layout was changed and reallocate buffers */
     if (ivi_pic_config_cmp(&pic_conf, &ctx->pic_conf) || ctx->gop_invalid) {
-        result = ff_ivi_init_planes(ctx->planes, &pic_conf, 0);
+        result = ff_ivi_init_planes(avctx, ctx->planes, &pic_conf, 0);
         if (result < 0) {
             av_log(avctx, AV_LOG_ERROR, "Couldn't reallocate color planes!\n");
             return result;
@@ -657,7 +657,7 @@ static av_cold int decode_init(AVCodecContext *avctx)
     ctx->pic_conf.tile_height   = avctx->height;
     ctx->pic_conf.luma_bands    = ctx->pic_conf.chroma_bands = 1;
 
-    result = ff_ivi_init_planes(ctx->planes, &ctx->pic_conf, 0);
+    result = ff_ivi_init_planes(avctx, ctx->planes, &ctx->pic_conf, 0);
     if (result) {
         av_log(avctx, AV_LOG_ERROR, "Couldn't allocate color planes!\n");
         return AVERROR_INVALIDDATA;
diff --git a/libavcodec/ivi.c b/libavcodec/ivi.c
index 866f066862..cea40d82ca 100644
--- a/libavcodec/ivi.c
+++ b/libavcodec/ivi.c
@@ -302,7 +302,7 @@ static av_cold void ivi_free_buffers(IVIPlaneDesc *planes)
     }
 }
 
-av_cold int ff_ivi_init_planes(IVIPlaneDesc *planes, const IVIPicConfig *cfg,
+av_cold int ff_ivi_init_planes(AVCodecContext *avctx, IVIPlaneDesc *planes, const IVIPicConfig *cfg,
                                int is_indeo4)
 {
     int p, b;
@@ -312,7 +312,7 @@ av_cold int ff_ivi_init_planes(IVIPlaneDesc *planes, const IVIPicConfig *cfg,
 
     ivi_free_buffers(planes);
 
-    if (av_image_check_size(cfg->pic_width, cfg->pic_height, 0, NULL) < 0 ||
+    if (av_image_check_size2(cfg->pic_width, cfg->pic_height, avctx->max_pixels, AV_PIX_FMT_YUV410P, 0, avctx) < 0 ||
         cfg->luma_bands < 1 || cfg->chroma_bands < 1)
         return AVERROR_INVALIDDATA;
 
diff --git a/libavcodec/ivi.h b/libavcodec/ivi.h
index 79b97d5c52..1427535547 100644
--- a/libavcodec/ivi.h
+++ b/libavcodec/ivi.h
@@ -322,8 +322,8 @@ int  ff_ivi_dec_huff_desc(GetBitContext *gb, int desc_coded, int which_tab,
  *  @param[in]      is_indeo4  flag signalling if it is Indeo 4 or not
  *  @return             result code: 0 - OK
  */
-int  ff_ivi_init_planes(IVIPlaneDesc *planes, const IVIPicConfig *cfg,
-                        int is_indeo4);
+int  ff_ivi_init_planes(AVCodecContext *avctx, IVIPlaneDesc *planes,
+                        const IVIPicConfig *cfg, int is_indeo4);
 
 /**
  *  Initialize tile and macroblock descriptors.



More information about the ffmpeg-cvslog mailing list