On 12/14/12 5:33 PM, Ronald S. Bultje wrote:
Hi,
On Dec 14, 2012 12:59 AM, "Luca Barbato" <lu_z...@gentoo.org> wrote:
Fixes CVE-2012-2783
CC: libav-sta...@libav.org
---
libavcodec/vp56.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/libavcodec/vp56.c b/libavcodec/vp56.c
index 6779ffb..5bd0a1a 100644
--- a/libavcodec/vp56.c
+++ b/libavcodec/vp56.c
@@ -514,8 +514,14 @@ int ff_vp56_decode_frame(AVCodecContext *avctx, void
*data, int *got_frame,
s->modelp = &s->models[is_alpha];
res = s->parse_header(s, buf, remaining_buf_size, &golden_frame);
- if (res < 0)
+ if (res < 0) {
+ int i;
+ for (i = 0; i < 4; i++) {
+ if (s->frames[i].data[0])
+ avctx->release_buffer(avctx, &s->frames[i]);
+ }
return res;
+ }
if (res == VP56_SIZE_CHANGE) {
int i;
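Review bot: The new `res < 0` branch releases all four `s->frames` entries on every header parse failure, but neither the code nor the commit message ("Fixes CVE-2012-2783") says why the buffers must be dropped at that point. A one-line comment in the branch should name the state a failed `parse_header` call can leave behind that makes keeping them unsafe. The literal `4` in `for (i = 0; i < 4; i++)` would be better derived from the size of `s->frames` than hard-coded. Since the `VP56_SIZE_CHANGE` branch directly below also declares `int i;`, a single declaration at function scope would avoid the duplicate. If later frames use these buffers as references, releasing them here also means nothing can be decoded against them after one bad header, so the intended recovery behaviour should be stated as well.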
What about error resilience / concealment?
I might try to bake a sample case and see if something can be done. As
it was the result can't be worse...
lu