From b1bb8fb860b47e90dd67f0c5740698128fc82dcc Mon Sep 17 00:00:00 2001
From: Anton Khirnov
Date: Mon, 8 Apr 2013 22:12:12 +0200
Subject: [PATCH] svq1dec: check that the reference frame has the same dimensions as the current one

They can be different if the last keyframe failed to decode correctly. Fixes possible invalid reads in such a case.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
---
 libavcodec/svq1dec.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libavcodec/svq1dec.c b/libavcodec/svq1dec.c
index d9e6f7ea45..156b960859 100644
--- libavcodec/svq1dec.c
+++ libavcodec/svq1dec.c
@@ -689,7 +689,8 @@ static int svq1_decode_frame(AVCodecContext *avctx, void *data,
 } else {
 /* delta frame */
 uint8_t *previous = s->prev->data[i];
- if (!previous) {
+ if (!previous ||
+ s->prev->width != s->width || s->prev->height != s->height) {
 av_log(avctx, AV_LOG_ERROR, "Missing reference frame.\n");
 result = AVERROR_INVALIDDATA;
 goto err;
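Review bot: The error path still logs "Missing reference frame." when it is the new dimension comparison that fails, so a stream with a present but mismatched reference frame is reported with the wrong cause. Anyone triaging a crafted or damaged file from the log would be misled. The message could cover both cases, for example `av_log(avctx, AV_LOG_ERROR, "Missing or mismatched reference frame.\n");`. The reason for the comparison is only in the commit message, so a comment above the condition would help, such as `/* prev keeps stale dimensions if the last keyframe failed to decode */`. The comparison does not depend on `i` but appears to sit in per-plane code (it follows `s->prev->data[i]`), so it could probably be done once before the planes are processed. That cannot be confirmed here because the body of svq1_decode_frame starts and ends outside the hunk.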