[FFmpeg-cvslog] r21758 - in branches/0.5: . libavcodec/snow.c
siretart
subversion
Thu Feb 11 21:57:49 CET 2010
Author: siretart
Date: Thu Feb 11 21:57:49 2010
New Revision: 21758
Log:
Make sure the block array is of the correct size.
This might have been exploitable.
backported r18393 by michael
Modified:
branches/0.5/ (props changed)
branches/0.5/libavcodec/snow.c
Modified: branches/0.5/libavcodec/snow.c
==============================================================================
--- branches/0.5/libavcodec/snow.c Thu Feb 11 17:22:59 2010 (r21757)
+++ branches/0.5/libavcodec/snow.c Thu Feb 11 21:57:49 2010 (r21758)
@@ -1626,6 +1626,7 @@ static int alloc_blocks(SnowContext *s){
s->b_width = w;
s->b_height= h;
+ av_free(s->block);
s->block= av_mallocz(w * h * sizeof(BlockNode) << (s->block_max_depth*2));
return 0;
}
@@ -4515,7 +4516,7 @@ static int decode_frame(AVCodecContext *
&& p->hcoeff[2]==2;
}
- if(!s->block) alloc_blocks(s);
+ alloc_blocks(s);
frame_start(s);
//keyframe flag duplication mess FIXME
More information about the ffmpeg-cvslog
mailing list