On 12/14/2012 10:52 AM, Anton Khirnov wrote:
>
> On Fri, 14 Dec 2012 09:59:15 +0100, Luca Barbato <lu_z...@gentoo.org> wrote:
>> Fixes CVE-2012-2783
>>
>> CC: libav-sta...@libav.org
>> ---
>> libavcodec/vp56.c | 8 +++++++-
>> 1 file changed, 7 insertions(+), 1 deletion(-)
>>
>> diff --git a/libavcodec/vp56.c b/libavcodec/vp56.c
>> index 6779ffb..5bd0a1a 100644
>> --- a/libavcodec/vp56.c
>> +++ b/libavcodec/vp56.c
>> @@ -514,8 +514,14 @@ int ff_vp56_decode_frame(AVCodecContext *avctx, void
>> *data, int *got_frame,
>> s->modelp = &s->models[is_alpha];
>>
>> res = s->parse_header(s, buf, remaining_buf_size, &golden_frame);
>> - if (res < 0)
>> + if (res < 0) {
>> + int i;
>> + for (i = 0; i < 4; i++) {
>> + if (s->frames[i].data[0])
>> + avctx->release_buffer(avctx, &s->frames[i]);
>> + }
>> return res;
>> + }
>>
>> if (res == VP56_SIZE_CHANGE) {
>> int i;
>> --
>> 1.7.12
>>
>
> Both patches look fine. Assuming FATE passes and the relevant sample no
> longer double frees.
Both confirmed. Pushing soon if nobody is against.
lu
_______________________________________________
libav-devel mailing list
libav-devel@libav.org
https://lists.libav.org/mailman/listinfo/libav-devel
