From d39b770aa27687da3b799252e614caa8b8686c13 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 26 Feb 2016 12:59:08 +0100 Subject: [PATCH] avcodec/utils: Check that the video data[] arrays are NULL on the input to get_buffer_internal() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This should return an error to the decoder if the struct it tried to getbuffer is dirty Reviewed-by: Reimar Döffinger Signed-off-by: Michael Niedermayer --- libavcodec/utils.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index b5de8a10b1..5791ffaef6 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -870,6 +870,11 @@ static int get_buffer_internal(AVCodecContext *avctx, AVFrame *frame, int flags) frame->height = FFMAX(avctx->height, AV_CEIL_RSHIFT(avctx->coded_height, avctx->lowres)); override_dimensions = 0; } + + if (frame->data[0] || frame->data[1] || frame->data[2] || frame->data[3]) { + av_log(avctx, AV_LOG_ERROR, "pic->data[*]!=NULL in get_buffer_internal\n"); + return AVERROR(EINVAL); + } } ret = ff_decode_frame_props(avctx, frame); if (ret < 0)