Module: ffmpeg Branch: release/0.5 Commit: 44511b17cbbb524602c91a198e7314fa57a7062a
Author: Kostya Shishkov <[email protected]> Date: Sun Nov 22 07:48:35 2009 +0000 Update dimensions in AVCodecContext when RV3/4 frame dimensions change Originally committed as revision 20572 to svn://svn.ffmpeg.org/ffmpeg/trunk (cherry picked from commit ec10d2d53999f6edf7d7b5ac88df263eccfb1fb0) Fixes heap corruption crashes Addresses: CVE-2011-0722 Signed-off-by: Reinhard Tartler <[email protected]>
---
 libavcodec/rv34.c | 4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/rv34.c b/libavcodec/rv34.c
index c227707..9fe3919 100644
--- a/libavcodec/rv34.c
+++ b/libavcodec/rv34.c
@@ -1247,8 +1247,8 @@ static int rv34_decode_slice(RV34DecContext *r, int end, const uint8_t* buf, int
 if(s->width != r->si.width || s->height != r->si.height){
 av_log(s->avctx, AV_LOG_DEBUG, "Changing dimensions to %dx%d\n", r->si.width,r->si.height);
 MPV_common_end(s);
- s->width = r->si.width;
- s->height = r->si.height;
+ s->width = s->avctx->width = r->si.width;
+ s->height = s->avctx->height = r->si.height;
 if(MPV_common_init(s) < 0)
 return -1;
 r->intra_types_hist = av_realloc(r->intra_types_hist, s->b4_stride * 4 * 2 * sizeof(*r->intra_types_hist));
_______________________________________________ ffmpeg-commits mailing list [email protected] https://lists.mplayerhq.hu/mailman/listinfo/ffmpeg-commits
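Review bot: The resize path can still leave the decoder inconsistent when an allocation fails: `s->avctx->width`/`height` are overwritten before `MPV_common_init(s)` is known to succeed, and the last line stores `av_realloc()`'s result straight into `r->intra_types_hist` with no NULL check. A failed realloc therefore loses the old pointer, and any later use of the table (not visible here) would work on NULL. Because `r->si.width`/`height` are parsed from the bitstream, I would check the result, e.g. `tmp = av_realloc(r->intra_types_hist, size); if(!tmp) return -1; r->intra_types_hist = tmp;`. The direct field assignment also presumably leaves `coded_width`/`coded_height` at the old values; `avcodec_set_dimensions(s->avctx, r->si.width, r->si.height)` would keep them in step, if that fits this branch. rv34_decode_slice begins and continues outside the hunk.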
