authorReimar Döffinger <Reimar.Doeffinger@gmx.de>2009-07-06 16:48:23 +0000
committerReimar Döffinger <Reimar.Doeffinger@gmx.de>2009-07-06 16:48:23 +0000
commit16c831851384ab59e73579fdd9913fbff3c0284a (patch)
treefe42b31ef2f963a5dff45ef760ebab9768e525e7
parent28bcc76ab75caee6a7f5a2bd6b8b401b359a394b (diff)
downloadffmpeg-16c831851384ab59e73579fdd9913fbff3c0284a.tar.gz
Reallocate internal buffer when coded frame size changes.
Fixes out-of-bounds reads and writes with i32/smclocki32.avi.1.0 from issue 1240. Originally committed as revision 19359 to svn://svn.ffmpeg.org/ffmpeg/trunk
-rw-r--r--libavcodec/indeo3.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/libavcodec/indeo3.c b/libavcodec/indeo3.c
index 7e4cd96842..9c14e81a55 100644
--- a/libavcodec/indeo3.c
+++ b/libavcodec/indeo3.c
@@ -107,6 +107,7 @@ static av_cold int iv_alloc_frames(Indeo3DecodeContext *s)
unsigned int bufsize = luma_pixels * 2 + luma_width * 3 +
(chroma_pixels + chroma_width) * 4;
+ av_freep(&s->buf);
if(!(s->buf = av_malloc(bufsize)))
return AVERROR(ENOMEM);
s->iv_frame[0].y_w = s->iv_frame[1].y_w = luma_width;
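Review bot: `iv_alloc_frames` is still declared `av_cold` in the hunk header, yet after this commit it is reachable from `iv_decode_frame` whenever the coded size changes, and the added `av_freep(&s->buf)` is the only thing that makes a repeat call leak-free. A comment above the free would record that contract, e.g. `/* may be called again on a dimension change: release the previous buffer first */`, and the `av_cold` hint is worth reconsidering. On the `AVERROR(ENOMEM)` path `s->buf` is now NULL while the `iv_frame` fields assigned below keep their previous values; if any of them are pointers into the old buffer (not visible in this hunk) they are stale after a failure. The function body starts and ends outside the hunk.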
@@ -997,6 +998,17 @@ static int iv_decode_frame(AVCodecContext *avctx,
if(avcodec_check_dimensions(avctx, image_width, image_height))
return -1;
+ if (image_width != avctx->width || image_height != avctx->height) {
+ int ret;
+ avcodec_set_dimensions(avctx, image_width, image_height);
+ s->width = avctx->width;
+ s->height = avctx->height;
+ ret = iv_alloc_frames(s);
+ if (ret < 0) {
+ s->width = s->height = 0;
+ return ret;
+ }
+ }
chroma_height = ((image_height >> 2) + 3) & 0x7ffc;
chroma_width = ((image_width >> 2) + 3) & 0x7ffc;
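Review bot: A failed reallocation leaves the decoder in a state that the next call does not detect. `avcodec_set_dimensions` has already stored the new size in `avctx` before `iv_alloc_frames` runs, so a later packet with the same header dimensions skips this block even though the buffer was freed and the allocation failed. Resetting `s->width`/`s->height` to 0 does not help, because the guard compares against `avctx->width`/`avctx->height`. Testing the buffer as well, `if (image_width != avctx->width || image_height != avctx->height || !s->buf) {`, would retry the allocation instead of decoding with a NULL or stale buffer. The rest of `iv_decode_frame` is outside the hunk, so whether a later check catches this case is not visible here.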