Fixes CVE-2011-3935
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
... | ... |
@@ -546,6 +546,9 @@ static int codec_get_buffer(AVCodecContext *s, AVFrame *frame) |
546 | 546 |
FrameBuffer *buf; |
547 | 547 |
int ret, i; |
548 | 548 |
|
549 |
+ if(av_image_check_size(s->width, s->height, 0, s)) |
|
550 |
+ return -1; |
|
551 |
+ |
|
549 | 552 |
if (!ist->buffer_pool && (ret = alloc_buffer(s, ist, &ist->buffer_pool)) < 0) |
550 | 553 |
return ret; |
551 | 554 |
|
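Review bot: The added guard at the top of codec_get_buffer returns a bare `-1` and discards the error code from av_image_check_size(), while the very next statement propagates `ret` from alloc_buffer(). Reusing the already-declared `ret` keeps the failure reason for callers: `if ((ret = av_image_check_size(s->width, s->height, 0, s)) < 0) return ret;`, which also matches the `if (` spacing of the surrounding lines. A short comment such as `/* width/height come from the stream being decoded; reject them before any buffer is sized from them */` would record why the check must stay ahead of the pool allocation. Presumably alloc_buffer() sizes the pool from these fields, but that is not visible here. The body of codec_get_buffer continues outside the hunk.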