projects / platform / upstream / libav.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e5ea653)
indeo3: when freeing buffers, set pointers referencing them to NULL as well
authorKostya Shishkov <kostya.shishkov@gmail.com>
Mon, 14 May 2012 17:45:41 +0000 (19:45 +0200)
committerReinhard Tartler <siretart@tauware.de>
Fri, 4 Jan 2013 23:27:34 +0000 (00:27 +0100)
Related to CVE-2012-2804
(cherry picked from commit bc00da27010ed9e5dbe47e5b6fae3dcddb999d78)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
libavcodec/indeo3.c patch | blob | history

diff --git a/libavcodec/indeo3.c b/libavcodec/indeo3.c
index 63517c67d045c2b303a0fa36856beb531e4eb20e..48e5810e695a175f0c1c4c340c781c8d7544f595 100644 (file)
--- a/libavcodec/indeo3.c
+++ b/libavcodec/indeo3.c
@@ -207,6 +207,7 @@ static av_cold void free_frame_buffers(Indeo3DecodeContext *ctx)
     for (p = 0; p < 3; p++) {
         av_freep(&ctx->planes[p].buffers[0]);
         av_freep(&ctx->planes[p].buffers[1]);
+        ctx->planes[p].pixels[0] = ctx->planes[p].pixels[1] = 0;
     }
 }
 
Domain: Multimedia / Media Content;