ffmpeg | branch: master | Michael Niedermayer <mich...@niedermayer.cc> | Mon May 1 17:53:11 2017 +0200| [63b8d4146d78595638417e431ea390aaf01f560f] | committer: Michael Niedermayer
avcodec/bmp: Use ff_set_dimensions() Fixes out of memory Fixes: 1282/clusterfuzz-testcase-minimized-5400131681648640 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=63b8d4146d78595638417e431ea390aaf01f560f --- libavcodec/bmp.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/libavcodec/bmp.c b/libavcodec/bmp.c index 72957499d3..65d239e4f8 100644 --- a/libavcodec/bmp.c +++ b/libavcodec/bmp.c @@ -133,8 +133,11 @@ static int bmp_decode_frame(AVCodecContext *avctx, alpha = bytestream_get_le32(&buf); } - avctx->width = width; - avctx->height = height > 0 ? height : -(unsigned)height; + ret = ff_set_dimensions(avctx, width, height > 0 ? height : -(unsigned)height); + if (ret < 0) { + av_log(avctx, AV_LOG_ERROR, "Failed to set dimensions %d %d\n", width, height); + return AVERROR_INVALIDDATA; + } avctx->pix_fmt = AV_PIX_FMT_NONE; _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
