projects
/
platform
/
upstream
/
libav.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
bc4350a
)
Make sure the block array is of the correct size.
author
Michael Niedermayer
<michaelni@gmx.at>
Thu, 9 Apr 2009 18:47:50 +0000
(18:47 +0000)
committer
Michael Niedermayer
<michaelni@gmx.at>
Thu, 9 Apr 2009 18:47:50 +0000
(18:47 +0000)
This might have been exploitable.
Originally committed as revision 18393 to svn://svn.ffmpeg.org/ffmpeg/trunk
libavcodec/snow.c
patch
|
blob
|
history
diff --git
a/libavcodec/snow.c
b/libavcodec/snow.c
index
a6718f8
..
d246b9a
100644
(file)
--- a/
libavcodec/snow.c
+++ b/
libavcodec/snow.c
@@
-1626,6
+1626,7
@@
static int alloc_blocks(SnowContext *s){
s->b_width = w;
s->b_height= h;
+ av_free(s->block);
s->block= av_mallocz(w * h * sizeof(BlockNode) << (s->block_max_depth*2));
return 0;
}
@@
-4517,7
+4518,7
@@
static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac
&& p->hcoeff[2]==2;
}
-
if(!s->block)
alloc_blocks(s);
+ alloc_blocks(s);
frame_start(s);
//keyframe flag duplication mess FIXME