diff options
author | Michael Niedermayer <michaelni@gmx.at> | 2012-01-25 06:32:05 +0100 |
---|---|---|
committer | Michael Niedermayer <michaelni@gmx.at> | 2012-01-25 06:48:30 +0100 |
commit | 668494acd8b20f974c7722895d4a6a14c1005f1e (patch) | |
tree | 29050ae016aeac4e5b411ec681bd3678c0326147 /ffmpeg.c | |
parent | 28d634711b0cca18677a48d18416566b6565b567 (diff) | |
download | ffmpeg-668494acd8b20f974c7722895d4a6a14c1005f1e.tar.gz |
ffmpeg: add image size check to codec_get_buffer()
Fixes CVE-2011-3935
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'ffmpeg.c')
-rw-r--r-- | ffmpeg.c | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -546,6 +546,9 @@ static int codec_get_buffer(AVCodecContext *s, AVFrame *frame) FrameBuffer *buf; int ret, i; + if(av_image_check_size(s->width, s->height, 0, s)) + return -1; + if (!ist->buffer_pool && (ret = alloc_buffer(s, ist, &ist->buffer_pool)) < 0) return ret; |