Browse code
ffmpeg: add image size check to codec_get_buffer()
Fixes CVE-2011-3935
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer authored on 2012/01/25 14:32:05Showing 1 changed files
| ... | ... |
@@ -546,6 +546,9 @@ static int codec_get_buffer(AVCodecContext *s, AVFrame *frame) |
| 546 | 546 |
FrameBuffer *buf; |
| 547 | 547 |
int ret, i; |
| 548 | 548 |
|
| 549 |
+ if(av_image_check_size(s->width, s->height, 0, s)) |
|
| 550 |
+ return -1; |
|
| 551 |
+ |
|
| 549 | 552 |
if (!ist->buffer_pool && (ret = alloc_buffer(s, ist, &ist->buffer_pool)) < 0) |
| 550 | 553 |
return ret; |
| 551 | 554 |
|