virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-08-10 06:10:52 +02:00
Code Issues Releases Activity

avcodec/imm4: Unreference previous frame on frame size change

Browse Source 
Fixes: Out of array access
Fixes: 13552/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IMM4_fuzzer-5767949648920576

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer
2019-03-09 22:22:55 +01:00
parent 1144d5c96d
commit 0be0197f49
1 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
libavcodec/imm4.c
View File

@@ -446,12 +446,14 @@ static int decode_frame(AVCodecContext *avctx, void *data,
return AVERROR_PATCHWELCOME; return AVERROR_PATCHWELCOME;
} }
if (!frame->key_frame && if (avctx->width != width ||
(avctx->width != width || avctx->height != height) {
avctx->height != height)) { if (!frame->key_frame) {
av_log(avctx, AV_LOG_ERROR, "Frame size change is unsupported.\n"); av_log(avctx, AV_LOG_ERROR, "Frame size change is unsupported.\n");
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;
} }
av_frame_unref(s->prev_frame);
}
ret = ff_set_dimensions(avctx, width, height); ret = ff_set_dimensions(avctx, width, height);
if (ret < 0) if (ret < 0)