From: Michael Niedermayer <michaelni@gmx.at>
Date: Fri, 18 Nov 2011 18:10:21 +0000 (+0100)
Subject: svq1dec: call avcodec_set_dimensions() after dimensions changed.
X-Git-Tag: v0.8b1~48
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=6e24b9488e67849a28e64a8056e05f83cf439229;p=platform%2Fupstream%2Flibav.git

svq1dec: call avcodec_set_dimensions() after dimensions changed.

Fixes NGS00148, CVE-2011-4579

Found-by: Phillip Langlois
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---

diff --git a/libavcodec/svq1dec.c b/libavcodec/svq1dec.c
index 7eb6e60..69dbd1b 100644
--- a/libavcodec/svq1dec.c
+++ b/libavcodec/svq1dec.c
@@ -659,6 +659,7 @@ static int svq1_decode_frame(AVCodecContext *avctx,
     av_dlog(s->avctx, "Error in svq1_decode_frame_header %i\n",result);
     return result;
   }
+  avcodec_set_dimensions(avctx, s->width, s->height);
 
   //FIXME this avoids some confusion for "B frames" without 2 references
   //this should be removed after libavcodec can handle more flexible picture types & ordering