RepoMirrors
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Make sure the block array is of the correct size. 

This might have been exploitable.

Originally committed as revision 18393 to svn://svn.ffmpeg.org/ffmpeg/trunk
This commit is contained in:
Michael Niedermayer 2009-04-09 18:47:50 +00:00
parent bc4350a333
commit dc7f45a08e
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
libavcodec/snow.c
View File

@ -1626,6 +1626,7 @@ static int alloc_blocks(SnowContext *s){
s->b_width = w; s->b_width = w;
s->b_height= h; s->b_height= h;
av_free(s->block);
s->block= av_mallocz(w * h * sizeof(BlockNode) << (s->block_max_depth*2)); s->block= av_mallocz(w * h * sizeof(BlockNode) << (s->block_max_depth*2));
return 0; return 0;
} }
@ -4517,7 +4518,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac
&& p->hcoeff[2]==2; && p->hcoeff[2]==2;
} }
if(!s->block) alloc_blocks(s); alloc_blocks(s);
frame_start(s); frame_start(s);
//keyframe flag duplication mess FIXME //keyframe flag duplication mess FIXME