Add CVE-2015-5479 patch 87/88687/1 accepted/tizen/common/20160921.162212 accepted/tizen/ivi/20160922.042621 accepted/tizen/mobile/20160922.042334 accepted/tizen/tv/20160922.042456 accepted/tizen/wearable/20160922.042543 submit/tizen/20160921.041639
authorMinje Ahn <minje.ahn@samsung.com>
Tue, 20 Sep 2016 08:28:35 +0000 (17:28 +0900)
committerMinje Ahn <minje.ahn@samsung.com>
Tue, 20 Sep 2016 08:28:35 +0000 (17:28 +0900)
Change-Id: Iac970866a602f3d66b1bfc6f6b2a5c050950ff8c
Signed-off-by: Minje Ahn <minje.ahn@samsung.com>
libavcodec/ituh263dec.c

index dc3de30..dd705c7 100644 (file)
@@ -30,6 +30,7 @@
 #include <limits.h>
 
 #include "libavutil/attributes.h"
+#include "libavutil/imgutils.h"
 #include "libavutil/internal.h"
 #include "libavutil/mathematics.h"
 #include "avcodec.h"
@@ -866,7 +867,7 @@ end:
 /* most is hardcoded. should extend to handle all h263 streams */
 int ff_h263_decode_picture_header(MpegEncContext *s)
 {
-    int format, width, height, i;
+    int format, width, height, i, ret;
     uint32_t startcode;
 
     align_get_bits(&s->gb);
@@ -917,8 +918,6 @@ int ff_h263_decode_picture_header(MpegEncContext *s)
         /* H.263v1 */
         width = ff_h263_format[format][0];
         height = ff_h263_format[format][1];
-        if (!width)
-            return -1;
 
         s->pict_type = AV_PICTURE_TYPE_I + get_bits1(&s->gb);
 
@@ -1071,6 +1070,9 @@ int ff_h263_decode_picture_header(MpegEncContext *s)
         s->qscale = get_bits(&s->gb, 5);
     }
 
+    if ((ret = av_image_check_size(s->width, s->height, 0, s)) < 0)
+        return ret;
+
     s->mb_width = (s->width  + 15) / 16;
     s->mb_height = (s->height  + 15) / 16;
     s->mb_num = s->mb_width * s->mb_height;
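Review bot: The `av_image_check_size()` call added ahead of the `s->mb_width` computation is now the only guard against a zero width, because the `if (!width) return -1;` in the H.263v1 branch is removed in an earlier hunk of this commit, and nothing in the code records that. A short comment above it, such as `/* reject zero or oversized dimensions before deriving mb_width, mb_height and mb_num */`, would keep a later refactor from moving or dropping the check; with a zero dimension `s->mb_num` becomes 0, which is presumably the divisor behind the referenced CVE. The check reads `s->width` and `s->height`, which appear to be assigned earlier in the function, outside this hunk, so on failure the context likely keeps the rejected values; validating the parsed values before storing them would avoid that if callers reuse the context after an error. The failure code for a zero width also changes from `-1` to whatever `av_image_check_size()` returns, so callers that compare against a specific value should be confirmed.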