diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2009-04-09 22:47:50 +0400 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2009-04-09 22:47:50 +0400 |
| commit | dc7f45a08e9f0a3f983b0fd5ce972fa4acc905ed (patch) | |
| tree | 8d5f2bb93b9a04cb0f5273ae64c28dff47c20dd6 /libavcodec | |
| parent | bc4350a333f6eafab046922fd5e42ab8759a4a04 (diff) | |
Make sure the block array is of the correct size.
This might have been exploitable.
Originally committed as revision 18393 to svn://svn.ffmpeg.org/ffmpeg/trunk
Diffstat (limited to 'libavcodec')
| -rw-r--r-- | libavcodec/snow.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/libavcodec/snow.c b/libavcodec/snow.c index a6718f8d39..d246b9abf2 100644 --- a/libavcodec/snow.c +++ b/libavcodec/snow.c @@ -1626,6 +1626,7 @@ static int alloc_blocks(SnowContext *s){ s->b_width = w; s->b_height= h; + av_free(s->block); s->block= av_mallocz(w * h * sizeof(BlockNode) << (s->block_max_depth*2)); return 0; } @@ -4517,7 +4518,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac && p->hcoeff[2]==2; } - if(!s->block) alloc_blocks(s); + alloc_blocks(s); frame_start(s); //keyframe flag duplication mess FIXME |