aboutsummaryrefslogtreecommitdiffstats
path: root/ffmpeg.c
diff options
context:
space:
mode:
authorMichael Niedermayer <michaelni@gmx.at>2012-01-25 06:32:05 +0100
committerMichael Niedermayer <michaelni@gmx.at>2012-01-25 06:48:30 +0100
commit668494acd8b20f974c7722895d4a6a14c1005f1e (patch)
tree29050ae016aeac4e5b411ec681bd3678c0326147 /ffmpeg.c
parent28d634711b0cca18677a48d18416566b6565b567 (diff)
downloadffmpeg-668494acd8b20f974c7722895d4a6a14c1005f1e.tar.gz
ffmpeg: add image size check to codec_get_buffer()
Fixes CVE-2011-3935 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'ffmpeg.c')
-rw-r--r--ffmpeg.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/ffmpeg.c b/ffmpeg.c
index 0fe418647a..dfdce6a32d 100644
--- a/ffmpeg.c
+++ b/ffmpeg.c
@@ -546,6 +546,9 @@ static int codec_get_buffer(AVCodecContext *s, AVFrame *frame)
FrameBuffer *buf;
int ret, i;
+ if(av_image_check_size(s->width, s->height, 0, s))
+ return -1;
+
if (!ist->buffer_pool && (ret = alloc_buffer(s, ist, &ist->buffer_pool)) < 0)
return ret;