indeo4: update AVCodecContext width/height on size change

Fixes CVE-2012-2787

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit b146d74730ab9ec5abede9066f770ad851e45fbc)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>

diff --git a/libavcodec/ivi_common.c b/libavcodec/ivi_common.c
index b36b31dfac6b3b944804c97fa8fb0c6c19ce799a..db337678207a58da7cee9f1034a6297041ac9386 100644 (file)
--- a/libavcodec/ivi_common.c
+++ b/libavcodec/ivi_common.c
@@ -823,6 +823,7 @@ int ff_ivi_decode_frame(AVCodecContext *avctx, void *data, int *data_size,
         avctx->release_buffer(avctx, &ctx->frame);
 
     ctx->frame.reference = 0;
+    avcodec_set_dimensions(avctx, ctx->planes[0].width, ctx->planes[0].height);
     if ((result = avctx->get_buffer(avctx, &ctx->frame)) < 0) {
         av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n");
         return result;