From a82468514048fb87d9bf38689866bc3b9aaccd02 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Wed, 12 Jul 2017 20:31:24 +0200
Subject: [PATCH] avcodec/ivi: Use av_image_check_size2() Fixes OOM
Fixes: 1514/clusterfuzz-testcase-minimized-6437666243477504
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavcodec/indeo4.c | 2 +-
 libavcodec/indeo5.c | 4 ++--
 libavcodec/ivi.c | 4 ++--
 libavcodec/ivi.h | 4 ++--
 4 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/libavcodec/indeo4.c b/libavcodec/indeo4.c
index 85d5fa3e7a..a3562f6fd8 100644
--- a/libavcodec/indeo4.c
+++ b/libavcodec/indeo4.c
@@ -187,7 +187,7 @@ static int decode_pic_hdr(IVI45DecContext *ctx, AVCodecContext *avctx)
 /* check if picture layout was changed and reallocate buffers */
 if (ivi_pic_config_cmp(&pic_conf, &ctx->pic_conf)) {
- if (ff_ivi_init_planes(ctx->planes, &pic_conf, 1)) {
+ if (ff_ivi_init_planes(avctx, ctx->planes, &pic_conf, 1)) {
 av_log(avctx, AV_LOG_ERROR, "Couldn't reallocate color planes!\n");
 ctx->pic_conf.luma_bands = 0;
 return AVERROR(ENOMEM);
diff --git a/libavcodec/indeo5.c b/libavcodec/indeo5.c
index 5f931c8b98..81b4514038 100644
--- a/libavcodec/indeo5.c
+++ b/libavcodec/indeo5.c
@@ -113,7 +113,7 @@ static int decode_gop_header(IVI45DecContext *ctx, AVCodecContext *avctx)
 /* check if picture layout was changed and reallocate buffers */
 if (ivi_pic_config_cmp(&pic_conf, &ctx->pic_conf) || ctx->gop_invalid) {
- result = ff_ivi_init_planes(ctx->planes, &pic_conf, 0);
+ result = ff_ivi_init_planes(avctx, ctx->planes, &pic_conf, 0);
 if (result < 0) {
 av_log(avctx, AV_LOG_ERROR, "Couldn't reallocate color planes!\n");
 return result;
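Review bot: The failure branch in decode_pic_hdr (indeo4.c) still returns `AVERROR(ENOMEM)` for every non-zero result of ff_ivi_init_planes(), although the ivi.c hunk of this patch shows that function returning AVERROR_INVALIDDATA when the size check, now bounded by `avctx->max_pixels`, rejects the header. A stream refused by the pixel limit is then reported as an allocation failure, which misleads callers and fuzz triage that need to tell resource exhaustion from bad input. Passing the callee's code through, as decode_gop_header in indeo5.c does with `return result;`, avoids that: `ret = ff_ivi_init_planes(avctx, ctx->planes, &pic_conf, 1);` then `if (ret < 0) { ... return ret; }`. The decode_init hunk in indeo5.c has the mirrored problem, mapping every failure to AVERROR_INVALIDDATA. decode_pic_hdr starts and ends outside the hunk, so whether a suitable local already exists is not visible.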
@@ -657,7 +657,7 @@ static av_cold int decode_init(AVCodecContext *avctx)
 ctx->pic_conf.tile_height = avctx->height;
 ctx->pic_conf.luma_bands = ctx->pic_conf.chroma_bands = 1;
- result = ff_ivi_init_planes(ctx->planes, &ctx->pic_conf, 0);
+ result = ff_ivi_init_planes(avctx, ctx->planes, &ctx->pic_conf, 0);
 if (result) {
 av_log(avctx, AV_LOG_ERROR, "Couldn't allocate color planes!\n");
 return AVERROR_INVALIDDATA;
diff --git a/libavcodec/ivi.c b/libavcodec/ivi.c
index 866f066862..cea40d82ca 100644
--- a/libavcodec/ivi.c
+++ b/libavcodec/ivi.c
@@ -302,7 +302,7 @@ static av_cold void ivi_free_buffers(IVIPlaneDesc *planes)
 }
 }
-av_cold int ff_ivi_init_planes(IVIPlaneDesc *planes, const IVIPicConfig *cfg,
+av_cold int ff_ivi_init_planes(AVCodecContext *avctx, IVIPlaneDesc *planes, const IVIPicConfig *cfg,
 int is_indeo4)
 {
 int p, b;
@@ -312,7 +312,7 @@ av_cold int ff_ivi_init_planes(IVIPlaneDesc *planes, const IVIPicConfig *cfg,
 ivi_free_buffers(planes);
- if (av_image_check_size(cfg->pic_width, cfg->pic_height, 0, NULL) < 0 ||
+ if (av_image_check_size2(cfg->pic_width, cfg->pic_height, avctx->max_pixels, AV_PIX_FMT_YUV410P, 0, avctx) < 0 ||
 cfg->luma_bands < 1 || cfg->chroma_bands < 1)
 return AVERROR_INVALIDDATA;
diff --git a/libavcodec/ivi.h b/libavcodec/ivi.h
index 79b97d5c52..1427535547 100644
--- a/libavcodec/ivi.h
+++ b/libavcodec/ivi.h
@@ -322,8 +322,8 @@ int ff_ivi_dec_huff_desc(GetBitContext *gb, int desc_coded, int which_tab,
 * @param[in] is_indeo4 flag signalling if it is Indeo 4 or not
 * @return result code: 0 - OK
 */
-int ff_ivi_init_planes(IVIPlaneDesc *planes, const IVIPicConfig *cfg,
- int is_indeo4);
+int ff_ivi_init_planes(AVCodecContext *avctx, IVIPlaneDesc *planes,
+ const IVIPicConfig *cfg, int is_indeo4);
 /**
 * Initialize tile and macroblock descriptors.
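Review bot: The new definition line of ff_ivi_init_planes() in ivi.c runs to about 100 columns, while the prototype in ivi.h from the same patch wraps after `IVIPlaneDesc *planes,`. The definition should wrap the same way, `av_cold int ff_ivi_init_planes(AVCodecContext *avctx, IVIPlaneDesc *planes,` followed by `const IVIPicConfig *cfg, int is_indeo4)`. The av_image_check_size2() condition in the next hunk is longer still and would read better with its arguments split over two lines. The function body continues outside the hunk.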
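Review bot: The `av_image_check_size2()` call in ff_ivi_init_planes hard-codes `AV_PIX_FMT_YUV410P` and reads `avctx->max_pixels` with no comment saying why, and nothing in this hunk shows whether that format matches the decoder's output or why `avctx->pix_fmt` is not used. A comment above the condition would record it, for example `/* reject dimensions whose planes would exceed the caller's max_pixels limit; YUV410P assumed to be the only Indeo 4/5 output format - confirm */`. It is also worth stating there that the bound is only as tight as the `max_pixels` value the application sets, so a caller that leaves it at its default gets, as far as I can tell, no stricter a check than before. ff_ivi_init_planes starts and ends outside the hunk.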
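Review bot: The doc comment above the ff_ivi_init_planes() prototype in ivi.h gains no entry for the new first parameter; the visible lines document `is_indeo4` and the return value, and the hunk adds nothing for `avctx`. Add a line such as `@param[in] avctx codec context, used for the max_pixels limit and for logging` ahead of the existing parameter lines. The comment opens above the hunk, so its other entries are not visible here.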