mpeg12: do not decode extradata more than once.

Fixes CVE-2012-2803. (cherry picked from commit 582368626188c070d4300913c6da5efa4c24cfb2) (cherry picked from commit 301761792a693a1f3303a2af34a0fb066a03c10c) Conflicts: libavcodec/mpeg12.c
author: Anton Khirnov <anton@khirnov.net> 2012-12-13 17:53:31 +0100
committer: Reinhard Tartler <siretart@tauware.de> 2013-02-12 07:12:00 +0100
commit: 0b25c3b67cef73ab1370db99da906ebc215a3c72 (patch)
tree: 8c0f139ec6b291033778ab956b7f86fb65eb029a
parent: b9500bf864e9b5619f9d3b1331f4487a1a70ecf4 (diff)
download: ffmpeg-0b25c3b67cef73ab1370db99da906ebc215a3c72.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/libavcodec/mpeg12.c b/libavcodec/mpeg12.c
index 9e67ee5c61..95d128214d 100644
--- a/libavcodec/mpeg12.c
+++ b/libavcodec/mpeg12.c
@@ -1163,6 +1163,7 @@ typedef struct Mpeg1Context {
     int save_width, save_height;
     AVRational frame_rate_ext;       ///< MPEG-2 specific framerate modificator
 
+    int extradata_decoded;
 } Mpeg1Context;
 
 static av_cold int mpeg_decode_init(AVCodecContext *avctx)
@@ -2299,8 +2300,10 @@ static int mpeg_decode_frame(AVCodecContext *avctx,
 
     s->slice_count= 0;
 
-    if(avctx->extradata && !avctx->frame_number)
+    if (avctx->extradata && !s->extradata_decoded) {
         decode_chunks(avctx, picture, data_size, avctx->extradata, avctx->extradata_size);
+        s->extradata_decoded = 1;
+    }
 
     return decode_chunks(avctx, picture, data_size, buf, buf_size);
 }
author	Anton Khirnov <anton@khirnov.net>	2012-12-13 17:53:31 +0100
committer	Reinhard Tartler <siretart@tauware.de>	2013-02-12 07:12:00 +0100
commit	0b25c3b67cef73ab1370db99da906ebc215a3c72 (patch)
tree	8c0f139ec6b291033778ab956b7f86fb65eb029a
parent	b9500bf864e9b5619f9d3b1331f4487a1a70ecf4 (diff)
download	ffmpeg-0b25c3b67cef73ab1370db99da906ebc215a3c72.tar.gz