ffmpeg | branch: release/1.1 | Michael Niedermayer <michae...@gmx.at> | Mon Aug 4 01:12:47 2014 +0100| [437848e37ae7ef73cd8101031dc570d1f009ffd5] | committer: Vittorio Giovara
vp3: Copy all 3 frames for thread updates Fixes a double release of the current frame on deinit. Bug-Id: CVE-2011-3934 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Vittorio Giovara <vittorio.giov...@gmail.com> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=437848e37ae7ef73cd8101031dc570d1f009ffd5 --- libavcodec/vp3.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c index 1d68c09..c334363 100644 --- a/libavcodec/vp3.c +++ b/libavcodec/vp3.c @@ -1869,7 +1869,7 @@ static int vp3_update_thread_context(AVCodecContext *dst, const AVCodecContext * ||s->width != s1->width ||s->height!= s1->height) { if (s != s1) - copy_fields(s, s1, golden_frame, current_frame); + copy_fields(s, s1, golden_frame, keyframe); return -1; } _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
