From b5f4836f8cb374f1a5ae45db48b61a1dfba0daad Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 12 Nov 2012 01:22:31 +0100 Subject: [PATCH] vc1: check image height, fix division by 0 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer --- libavcodec/vc1dec.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/vc1dec.c b/libavcodec/vc1dec.c index 1e78f385f8..7c07138007 100644 --- a/libavcodec/vc1dec.c +++ b/libavcodec/vc1dec.c @@ -5521,6 +5521,11 @@ static int vc1_decode_frame(AVCodecContext *avctx, void *data, goto err; } + if ((s->mb_height >> v->field_mode) == 0) { + av_log(v->s.avctx, AV_LOG_ERROR, "image too short\n"); + goto err; + } + // process pulldown flags s->current_picture_ptr->f.repeat_pict = 0; // Pulldown flags are only valid when 'broadcast' has been set.