From 6e24b9488e67849a28e64a8056e05f83cf439229 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 18 Nov 2011 19:10:21 +0100 Subject: [PATCH] svq1dec: call avcodec_set_dimensions() after dimensions changed. Fixes NGS00148, CVE-2011-4579 Found-by: Phillip Langlois Signed-off-by: Michael Niedermayer --- libavcodec/svq1dec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/svq1dec.c b/libavcodec/svq1dec.c index 7eb6e607d1..69dbd1b25d 100644 --- a/libavcodec/svq1dec.c +++ b/libavcodec/svq1dec.c @@ -659,6 +659,7 @@ static int svq1_decode_frame(AVCodecContext *avctx, av_dlog(s->avctx, "Error in svq1_decode_frame_header %i\n",result); return result; } + avcodec_set_dimensions(avctx, s->width, s->height); //FIXME this avoids some confusion for "B frames" without 2 references //this should be removed after libavcodec can handle more flexible picture types & ordering