virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-10-30 23:18:11 +02:00
Code Issues Releases Activity

cavsdec: check for changing w/h.

Browse Source 
Our decoder does not support changing w/h.

Fixes CVE-2012-2777 and CVE-2012-2784.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
This commit is contained in:
Michael Niedermayer
2012-03-24 02:40:24 +01:00
committed by Anton Khirnov
parent 12e1e83461
commit c20a696306
1 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
libavcodec/cavsdec.c
View File

@@ -1056,12 +1056,21 @@ static int decode_pic(AVSContext *h) {
static int decode_seq_header(AVSContext *h) {
MpegEncContext *s = &h->s;
int frame_rate_code;
int width, height;
h->profile = get_bits(&s->gb,8);
h->level = get_bits(&s->gb,8);
skip_bits1(&s->gb); //progressive sequence
s->width = get_bits(&s->gb,14);
s->height = get_bits(&s->gb,14);
width = get_bits(&s->gb, 14);
height = get_bits(&s->gb, 14);
if ((s->width || s->height) && (s->width != width || s->height != height)) {
av_log_missing_feature(s, "Width/height changing in CAVS is", 0);
return AVERROR_PATCHWELCOME;
}
s->width = width;
s->height = height;
skip_bits(&s->gb,2); //chroma format
skip_bits(&s->gb,3); //sample_precision
h->aspect_ratio = get_bits(&s->gb,4);