diff options
author | Michael Niedermayer <michael@niedermayer.cc> | 2019-08-10 23:09:49 +0200 |
---|---|---|
committer | Michael Niedermayer <michael@niedermayer.cc> | 2019-08-11 19:13:21 +0200 |
commit | 9cd1e939cf26e7a53f28cbbda22d27535981b9db (patch) | |
tree | 68deaf3eadcb35031673ded3d79fe063f101819a /libavcodec/dds.c | |
parent | 1d72b5d2d5225dde0662a1f2083a27f86a8fdb98 (diff) | |
download | ffmpeg-9cd1e939cf26e7a53f28cbbda22d27535981b9db.tar.gz |
avcodec/dds: Use ff_set_dimensions()
Fixes: signed integer overflow: 2082471995 * 36 cannot be represented in type 'int'
Fixes: 16025/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DDS_fuzzer-5136663778426880
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavcodec/dds.c')
-rw-r--r-- | libavcodec/dds.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/libavcodec/dds.c b/libavcodec/dds.c index f026f9cd5a..9154f692fa 100644 --- a/libavcodec/dds.c +++ b/libavcodec/dds.c @@ -613,6 +613,7 @@ static int dds_decode(AVCodecContext *avctx, void *data, AVFrame *frame = data; int mipmap; int ret; + int width, height; ff_texturedsp_init(&ctx->texdsp); bytestream2_init(gbc, avpkt->data, avpkt->size); @@ -631,9 +632,9 @@ static int dds_decode(AVCodecContext *avctx, void *data, bytestream2_skip(gbc, 4); // flags - avctx->height = bytestream2_get_le32(gbc); - avctx->width = bytestream2_get_le32(gbc); - ret = av_image_check_size(avctx->width, avctx->height, 0, avctx); + height = bytestream2_get_le32(gbc); + width = bytestream2_get_le32(gbc); + ret = ff_set_dimensions(avctx, width, height); if (ret < 0) { av_log(avctx, AV_LOG_ERROR, "Invalid image size %dx%d.\n", avctx->width, avctx->height); |