From 4c0dda2b3f45471faa233c62205e712fb072a76b Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Tue, 22 Sep 2009 22:44:56 +0000
Subject: [PATCH] Check codec_id and codec_type in avcodec_open(), based on 43_codec_type_mismatch.patch from chrome This is said to be able to lead to a stack based buffer overflow. Originally committed as revision 19973 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
 libavcodec/utils.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index 1ec039e5e9..c31608df99 100644
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -481,7 +481,10 @@ int attribute_align_arg avcodec_open(AVCodecContext *avctx, AVCodec *codec)
 }
 avctx->codec = codec;
- avctx->codec_id = codec->id;
+ if(avctx->codec_id != codec->id || avctx->codec_type != codec->type){
+ av_log(avctx, AV_LOG_ERROR, "codec type or id mismatches\n");
+ goto end;
+ }
 avctx->frame_number = 0;
 if(avctx->codec->init){
 ret = avctx->codec->init(avctx);
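Review bot: The mismatch branch runs after `avctx->codec = codec;`, so a rejected open still leaves the context pointing at the codec that was just refused, and the branch sets no error code of its own before `goto end;`. I would either move the check above the assignment or undo it on the failure path, e.g. `ret = AVERROR(EINVAL);` and `avctx->codec = NULL;` ahead of the `goto end;`. The body of avcodec_open() starts and ends outside this hunk, so the value `ret` holds here and whether the `end` label releases anything allocated earlier (such as `priv_data`) cannot be confirmed from the visible lines; both should be checked. Because the removed line used to fill in `codec_id`, the function's doc comment should also state that callers must now set `codec_id` and `codec_type` before calling.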