From 2bc1e4fcb96c470e2ccb2a0a78a415d5eab960c8 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Sat, 14 Apr 2012 20:04:05 +0200
Subject: [PATCH] indeo4: update AVCodecContext width/height on size change

Fixes CVE-2012-2787

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit b146d74730ab9ec5abede9066f770ad851e45fbc)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
---
 libavcodec/ivi_common.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libavcodec/ivi_common.c b/libavcodec/ivi_common.c
index b36b31dfac..db33767820 100644
--- a/libavcodec/ivi_common.c
+++ b/libavcodec/ivi_common.c
@@ -823,6 +823,7 @@ int ff_ivi_decode_frame(AVCodecContext *avctx, void *data, int *data_size,
         avctx->release_buffer(avctx, &ctx->frame);
 
     ctx->frame.reference = 0;
+    avcodec_set_dimensions(avctx, ctx->planes[0].width, ctx->planes[0].height);
     if ((result = avctx->get_buffer(avctx, &ctx->frame)) < 0) {
         av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n");
         return result;