avcodec: Introduce ff_get_buffer

Validate the image size there as is done in the other release branches. Bug-Id: CVE-2011-3935 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
author: Luca Barbato <lu_zero@gentoo.org> 2014-08-08 18:07:43 +0200
committer: Luca Barbato <lu_zero@gentoo.org> 2014-08-09 04:01:15 +0200
commit: 0ab76ddf313eeab70d06619ae0376fd7dd40761b (patch)
tree: 5b9cc612dea64c831a020c831ddd998c709cb796 /libavcodec/s302m.c
parent: 042c25f54bd25b52d2936b822be026450971a82d (diff)
download: ffmpeg-0ab76ddf313eeab70d06619ae0376fd7dd40761b.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/libavcodec/s302m.c b/libavcodec/s302m.c
index 34018aeb46..f18059da51 100644
--- a/libavcodec/s302m.c
+++ b/libavcodec/s302m.c
@@ -22,6 +22,7 @@
 
 #include "libavutil/intreadwrite.h"
 #include "avcodec.h"
+#include "internal.h"
 
 #define AES3_HEADER_LEN 4
 
@@ -94,7 +95,7 @@ static int s302m_decode_frame(AVCodecContext *avctx, void *data,
     /* get output buffer */
     block_size = (avctx->bits_per_coded_sample + 4) / 4;
     s->frame.nb_samples = 2 * (buf_size / block_size) / avctx->channels;
-    if ((ret = avctx->get_buffer(avctx, &s->frame)) < 0) {
+    if ((ret = ff_get_buffer(avctx, &s->frame)) < 0) {
         av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n");
         return ret;
     }
author	Luca Barbato <lu_zero@gentoo.org>	2014-08-08 18:07:43 +0200
committer	Luca Barbato <lu_zero@gentoo.org>	2014-08-09 04:01:15 +0200
commit	0ab76ddf313eeab70d06619ae0376fd7dd40761b (patch)
tree	5b9cc612dea64c831a020c831ddd998c709cb796 /libavcodec/s302m.c
parent	042c25f54bd25b52d2936b822be026450971a82d (diff)
download	ffmpeg-0ab76ddf313eeab70d06619ae0376fd7dd40761b.tar.gz