avcodec/bmp: Use ff_set_dimensions()

Fixes out of memory Fixes: 1282/clusterfuzz-testcase-minimized-5400131681648640 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 63b8d4146d78595638417e431ea390aaf01f560f) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2017-05-01 17:53:11 +0200
committer: Michael Niedermayer <michael@niedermayer.cc> 2017-05-14 00:21:49 +0200
commit: 681ca7ecd08a28e0fd87b6d0e882eb078f0441c7 (patch)
tree: d4692224ed75dfd0a2f0d78f3612e4a29e162487
parent: 51f24cb3f59b78336f4f669669a82c026227359f (diff)
download: ffmpeg-681ca7ecd08a28e0fd87b6d0e882eb078f0441c7.tar.gz
1 files changed, 5 insertions, 2 deletions
diff --git a/libavcodec/bmp.c b/libavcodec/bmp.c
index 72957499d3..65d239e4f8 100644
--- a/libavcodec/bmp.c
+++ b/libavcodec/bmp.c
@@ -133,8 +133,11 @@ static int bmp_decode_frame(AVCodecContext *avctx,
         alpha = bytestream_get_le32(&buf);
     }
 
-    avctx->width  = width;
-    avctx->height = height > 0 ? height : -(unsigned)height;
+    ret = ff_set_dimensions(avctx, width, height > 0 ? height : -(unsigned)height);
+    if (ret < 0) {
+        av_log(avctx, AV_LOG_ERROR, "Failed to set dimensions %d %d\n", width, height);
+        return AVERROR_INVALIDDATA;
+    }
 
     avctx->pix_fmt = AV_PIX_FMT_NONE;
author	Michael Niedermayer <michael@niedermayer.cc>	2017-05-01 17:53:11 +0200
committer	Michael Niedermayer <michael@niedermayer.cc>	2017-05-14 00:21:49 +0200
commit	681ca7ecd08a28e0fd87b6d0e882eb078f0441c7 (patch)
tree	d4692224ed75dfd0a2f0d78f3612e4a29e162487
parent	51f24cb3f59b78336f4f669669a82c026227359f (diff)
download	ffmpeg-681ca7ecd08a28e0fd87b6d0e882eb078f0441c7.tar.gz