[FFmpeg-cvslog] r21758 - in branches/0.5: . libavcodec/snow.c

siretart subversion
Thu Feb 11 21:57:49 CET 2010


Author: siretart
Date: Thu Feb 11 21:57:49 2010
New Revision: 21758

Log:
Make sure the block array is of the correct size.
This might have been exploitable.

backported r18393 by michael

Modified:
   branches/0.5/   (props changed)
   branches/0.5/libavcodec/snow.c

Modified: branches/0.5/libavcodec/snow.c
==============================================================================
--- branches/0.5/libavcodec/snow.c	Thu Feb 11 17:22:59 2010	(r21757)
+++ branches/0.5/libavcodec/snow.c	Thu Feb 11 21:57:49 2010	(r21758)
@@ -1626,6 +1626,7 @@ static int alloc_blocks(SnowContext *s){
     s->b_width = w;
     s->b_height= h;
 
+    av_free(s->block);
     s->block= av_mallocz(w * h * sizeof(BlockNode) << (s->block_max_depth*2));
     return 0;
 }
@@ -4515,7 +4516,7 @@ static int decode_frame(AVCodecContext *
                                               && p->hcoeff[2]==2;
     }
 
-    if(!s->block) alloc_blocks(s);
+    alloc_blocks(s);
 
     frame_start(s);
     //keyframe flag duplication mess FIXME



More information about the ffmpeg-cvslog mailing list