From: Michael Niedermayer <michae...@gmx.at>

Fixes CVE-2011-3935

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michae...@gmx.at>
Signed-off-by: Diego Biurrun <di...@biurrun.de>
---

This is the version for the 0.8 branch.  I have no sample to verify
the fix.

 avconv.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/avconv.c b/avconv.c
index 4c57753..3d00e61 100644
--- a/avconv.c
+++ b/avconv.c
@@ -496,6 +496,9 @@ static int codec_get_buffer(AVCodecContext *s, AVFrame 
*frame)
     FrameBuffer *buf;
     int ret, i;
 
+    if (av_image_check_size(s->width, s->height, 0, s))
+        return AVERROR_INVALIDDATA;
+
     if (!ist->buffer_pool && (ret = alloc_buffer(ist, &ist->buffer_pool)) < 0)
         return ret;
 
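Review bot: The new check at the top of codec_get_buffer() tests the result of av_image_check_size() only for non-zero and then returns a hard-coded AVERROR_INVALIDDATA, so whatever error code the helper reports is dropped. The context lines already declare `ret` and use the `(ret = ...) < 0` form on the very next statement; writing this as `if ((ret = av_image_check_size(s->width, s->height, 0, s)) < 0) return ret;` would match that style and pass the helper's code through. If substituting AVERROR_INVALIDDATA is intentional, a short comment saying so, and saying that the dimensions are validated before the buffer pool is touched, would help, since the commit message gives only the CVE number.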
-- 
1.8.3.2

_______________________________________________
libav-devel mailing list
libav-devel@libav.org
https://lists.libav.org/mailman/listinfo/libav-devel
