[MPlayer-cvslog] r37590 - trunk/libmpcodecs/mp_image.c

rtogni subversion at mplayerhq.hu
Fri Jan 8 00:38:44 CET 2016


Author: rtogni
Date: Fri Jan  8 00:38:44 2016
New Revision: 37590

Log:
Prevent overflow in picture size buffer allocation also for the IF09 case

Modified:
   trunk/libmpcodecs/mp_image.c

Modified: trunk/libmpcodecs/mp_image.c
==============================================================================
--- trunk/libmpcodecs/mp_image.c	Fri Jan  8 00:33:33 2016	(r37589)
+++ trunk/libmpcodecs/mp_image.c	Fri Jan  8 00:38:44 2016	(r37590)
@@ -44,6 +44,11 @@ void mp_image_alloc_planes(mp_image_t *m
   }
   // IF09 - allocate space for 4. plane delta info - unused
   if (mpi->imgfmt == IMGFMT_IF09) {
+    if ((int64_t)mpi->chroma_width*mpi->chroma_height > INT_MAX ||
+        mpi->bpp*mpi->width*(mpi->height+2)/8 > INT_MAX - mpi->chroma_width*mpi->chroma_height) {
+        mp_msg(MSGT_DECVIDEO,MSGL_WARN,"mp_image: Unreasonable image parameters\n");
+        return;
+  }
     mpi->planes[0]=av_malloc(mpi->bpp*mpi->width*(mpi->height+2)/8+
                             mpi->chroma_width*mpi->chroma_height);
   } else


More information about the MPlayer-cvslog mailing list