projects / platform / upstream / libav.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c0771a1)
svq1dec: check that the reference frame has the same dimensions as the current one
authorAnton Khirnov <anton@khirnov.net>
Mon, 8 Apr 2013 20:12:12 +0000 (22:12 +0200)
committerAnton Khirnov <anton@khirnov.net>
Wed, 17 Apr 2013 08:55:30 +0000 (10:55 +0200)
They can be different if the last keyframe failed to decode correctly.
Fixes possible invalid reads in such a case.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org

libavcodec/svq1dec.c patch | blob | history

diff --git a/libavcodec/svq1dec.c b/libavcodec/svq1dec.c
index d9e6f7e..156b960 100644 (file)
--- a/libavcodec/svq1dec.c
+++ b/libavcodec/svq1dec.c
@@ -689,7 +689,8 @@ static int svq1_decode_frame(AVCodecContext *avctx, void *data,
         } else {
             /* delta frame */
             uint8_t *previous = s->prev->data[i];
-            if (!previous) {
+            if (!previous ||
+                s->prev->width != s->width || s->prev->height != s->height) {
                 av_log(avctx, AV_LOG_ERROR, "Missing reference frame.\n");
                 result = AVERROR_INVALIDDATA;
                 goto err;
Domain: Multimedia / Media Content;