[libav-stable] svq1dec: check that the reference frame has the same dimensions as the current one

Anton Khirnov git at libav.org
Wed Apr 17 12:22:35 CEST 2013


Module: libav
Branch: master
Commit: b1bb8fb860b47e90dd67f0c5740698128fc82dcc

Author:    Anton Khirnov <anton at khirnov.net>
Committer: Anton Khirnov <anton at khirnov.net>
Date:      Mon Apr  8 22:12:12 2013 +0200

svq1dec: check that the reference frame has the same dimensions as the current one

They can be different if the last keyframe failed to decode correctly.
Fixes possible invalid reads in such a case.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable at libav.org

---

 libavcodec/svq1dec.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/libavcodec/svq1dec.c b/libavcodec/svq1dec.c
index d9e6f7e..156b960 100644
--- a/libavcodec/svq1dec.c
+++ b/libavcodec/svq1dec.c
@@ -689,7 +689,8 @@ static int svq1_decode_frame(AVCodecContext *avctx, void *data,
         } else {
             /* delta frame */
             uint8_t *previous = s->prev->data[i];
-            if (!previous) {
+            if (!previous ||
+                s->prev->width != s->width || s->prev->height != s->height) {
                 av_log(avctx, AV_LOG_ERROR, "Missing reference frame.\n");
                 result = AVERROR_INVALIDDATA;
                 goto err;



More information about the libav-stable mailing list