[FFmpeg-devel] [PATCH 2/2] backport out of array access fix / CVE-2019-17542 / 15919 clusterfuzz

Thu Nov 14 22:01:42 EET 2019

Hello,

This patch is nearly identical to commit
02f909dc24b1f05cfbba75077c7707b905e63cd2, but is intended to backport
the fix for CVE-2019-17542 to ffmpeg version 3.4.6, which is in use on
RHEL 7 systems that get ffmpeg from rpmfusion.

https://github.com/FFmpeg/FFmpeg/commit/02f909dc24b1f05cfbba75077c7707b905e63cd2

---
 libavcodec/vqavideo.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/vqavideo.c b/libavcodec/vqavideo.c
index 0e70be1..b9743ab 100644
--- a/libavcodec/vqavideo.c
+++ b/libavcodec/vqavideo.c
@@ -147,7 +147,7 @@ static av_cold int vqa_decode_init(AVCodecContext
*avctx)
     }
     s->width = AV_RL16(&s->avctx->extradata[6]);
     s->height = AV_RL16(&s->avctx->extradata[8]);
-    if ((ret = av_image_check_size(s->width, s->height, 0, avctx)) < 0) {
+    if ((ret = ff_set_dimensions(avctx, s->width, s->height)) < 0) {
         s->width= s->height= 0;
         return ret;
     }
-- 
2.21.0


Thanks,
--James
