ffmpeg | branch: release/2.2 | Michael Niedermayer <michae...@gmx.at> | Wed Nov
26 18:56:39 2014 +0100| [a06432b6c315fda5a9cc69059fd106d231e7da6c] | committer:
Michael Niedermayer
avcodec/rawdec: Check the return code of avpicture_get_size()
Fixes out of array access
Fixes: asan_heap-oob_22388d0_3435_cov_3297128910_small_roll5_FlashCine1.cine
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michae...@gmx.at>
(cherry picked from commit 1d3a3b9f8907625b361420d48fe05716859620ff)
Conflicts:
libavcodec/rawdec.c
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a06432b6c315fda5a9cc69059fd106d231e7da6c
---
libavcodec/rawdec.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libavcodec/rawdec.c b/libavcodec/rawdec.c
index d187d23..437363d 100644
--- a/libavcodec/rawdec.c
+++ b/libavcodec/rawdec.c
@@ -136,6 +136,9 @@ static av_cold int raw_init_decoder(AVCodecContext *avctx)
context->frame_size = avpicture_get_size(avctx->pix_fmt, avctx->width,
avctx->height);
}
+ if (context->frame_size < 0)
+ return context->frame_size;
+
if ((avctx->extradata_size >= 9 &&
!memcmp(avctx->extradata + avctx->extradata_size - 9, "BottomUp", 9))
||
_______________________________________________
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
