mpeg12: do not decode extradata more than once.

Fixes CVE-2012-2803. (cherry picked from commit 582368626188c070d4300913c6da5efa4c24cfb2) Conflicts: libavcodec/mpeg12.c libavcodec/mpeg12.h
author: Anton Khirnov <anton@khirnov.net> 2012-12-13 17:53:31 +0100
committer: Reinhard Tartler <siretart@tauware.de> 2013-02-02 09:54:16 +0100
commit: 301761792a693a1f3303a2af34a0fb066a03c10c (patch)
tree: 78818d37e55ead680527b6cbcaedd722fd4729bb /libavcodec
parent: 440e98574bde9ca606dfea60c7dda8de555067f7 (diff)
download: ffmpeg-301761792a693a1f3303a2af34a0fb066a03c10c.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/libavcodec/mpeg12.c b/libavcodec/mpeg12.c
index 03c95c191d..047c38f18a 100644
--- a/libavcodec/mpeg12.c
+++ b/libavcodec/mpeg12.c
@@ -1147,6 +1147,7 @@ typedef struct Mpeg1Context {
     int save_width, save_height, save_progressive_seq;
     AVRational frame_rate_ext;       ///< MPEG-2 specific framerate modificator
     int sync;                        ///< Did we reach a sync point like a GOP/SEQ/KEYFrame?
+    int extradata_decoded;
 } Mpeg1Context;
 
 static av_cold int mpeg_decode_init(AVCodecContext *avctx)
@@ -2279,8 +2280,10 @@ static int mpeg_decode_frame(AVCodecContext *avctx,
 
     s->slice_count= 0;
 
-    if(avctx->extradata && !avctx->frame_number)
+    if (avctx->extradata && !s->extradata_decoded) {
         decode_chunks(avctx, picture, data_size, avctx->extradata, avctx->extradata_size);
+        s->extradata_decoded = 1;
+    }
 
     return decode_chunks(avctx, picture, data_size, buf, buf_size);
 }
author	Anton Khirnov <anton@khirnov.net>	2012-12-13 17:53:31 +0100
committer	Reinhard Tartler <siretart@tauware.de>	2013-02-02 09:54:16 +0100
commit	301761792a693a1f3303a2af34a0fb066a03c10c (patch)
tree	78818d37e55ead680527b6cbcaedd722fd4729bb /libavcodec
parent	440e98574bde9ca606dfea60c7dda8de555067f7 (diff)
download	ffmpeg-301761792a693a1f3303a2af34a0fb066a03c10c.tar.gz