Commit 30f2000a authored by michael's avatar michael

Make sure the block array is of the correct size.

This might have been exploitable.


git-svn-id: file:///var/local/repositories/ffmpeg/trunk@18393 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b
parent c9327751
...@@ -1626,6 +1626,7 @@ static int alloc_blocks(SnowContext *s){ ...@@ -1626,6 +1626,7 @@ static int alloc_blocks(SnowContext *s){
s->b_width = w; s->b_width = w;
s->b_height= h; s->b_height= h;
av_free(s->block);
s->block= av_mallocz(w * h * sizeof(BlockNode) << (s->block_max_depth*2)); s->block= av_mallocz(w * h * sizeof(BlockNode) << (s->block_max_depth*2));
return 0; return 0;
} }
...@@ -4517,7 +4518,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac ...@@ -4517,7 +4518,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac
&& p->hcoeff[2]==2; && p->hcoeff[2]==2;
} }
if(!s->block) alloc_blocks(s); alloc_blocks(s);
frame_start(s); frame_start(s);
//keyframe flag duplication mess FIXME //keyframe flag duplication mess FIXME
......
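Review bot: The result of `av_mallocz` in `alloc_blocks` is never checked; the function still returns 0 unconditionally, and `decode_frame` discards its return value. Because the array is now freed and reallocated on every frame, an allocation failure leaves `s->block` NULL with the previous buffer already released, so any block access after `frame_start(s)` would go through a null pointer. I would add `if(!s->block) return AVERROR(ENOMEM);` after the allocation and change the call site to `if(alloc_blocks(s) < 0) return -1;` (or whatever error value this decoder returns elsewhere). The size expression `w * h * sizeof(BlockNode) << (s->block_max_depth*2)` also looks unguarded against overflow for large dimensions or depths, but the declarations of `w` and `h` and any earlier dimension checks are outside the hunks, so that needs confirming. Both function bodies start and end outside the visible lines.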