rv34: error out on size changes with frame threading

(cherry picked from commit cb7190cd2c691fd93e4d3664f3fce6c19ee001dd) Fixes: CVE-2012-2772 (according to Ubuntu)
author: Janne Grunau <janne-libav@jannau.net> 2012-03-23 22:30:38 +0100
committer: Reinhard Tartler <siretart@tauware.de> 2013-02-01 06:46:04 +0100
commit: 801eff785aa1c791d75afaa59233e9b5e9e0f4c7 (patch)
tree: de1baddfe47333904e27c3957a86e3e94234ba86 /libavcodec
parent: dd0c5e0fa909bac905ea8baa49b704892792a1c9 (diff)
download: ffmpeg-801eff785aa1c791d75afaa59233e9b5e9e0f4c7.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/libavcodec/rv34.c b/libavcodec/rv34.c
index a20a9892b8..95ad5dd06e 100644
--- a/libavcodec/rv34.c
+++ b/libavcodec/rv34.c
@@ -1280,6 +1280,14 @@ static int rv34_decode_slice(RV34DecContext *r, int end, const uint8_t* buf, int
 
     if ((s->mb_x == 0 && s->mb_y == 0) || s->current_picture_ptr==NULL) {
         if(s->width != r->si.width || s->height != r->si.height){
+
+            if (HAVE_THREADS &&
+                (s->avctx->active_thread_type & FF_THREAD_FRAME)) {
+                av_log_missing_feature(s->avctx, "Width/height changing with "
+                                       "frame threading is", 0);
+                return AVERROR_PATCHWELCOME;
+            }
+
             av_log(s->avctx, AV_LOG_DEBUG, "Changing dimensions to %dx%d\n", r->si.width,r->si.height);
             MPV_common_end(s);
             s->width  = r->si.width;
author	Janne Grunau <janne-libav@jannau.net>	2012-03-23 22:30:38 +0100
committer	Reinhard Tartler <siretart@tauware.de>	2013-02-01 06:46:04 +0100
commit	801eff785aa1c791d75afaa59233e9b5e9e0f4c7 (patch)
tree	de1baddfe47333904e27c3957a86e3e94234ba86 /libavcodec
parent	dd0c5e0fa909bac905ea8baa49b704892792a1c9 (diff)
download	ffmpeg-801eff785aa1c791d75afaa59233e9b5e9e0f4c7.tar.gz