[vlc-commits] avcodec: Extend the check for impossible dimensions
Luca Barbato
git at videolan.org
Sun Apr 27 16:46:22 CEST 2014
vlc | branch: master | Luca Barbato <lu_zero at gentoo.org> | Sat Apr 26 21:58:10 2014 +0200| [bd467e94d1c7e5d64b9df31e760c01b390c184d4] | committer: Jean-Baptiste Kempf
avcodec: Extend the check for impossible dimensions
Overly large frame sizes are commonly caused by broken streams.
Close #11245
Signed-off-by: Jean-Baptiste Kempf <jb at videolan.org>
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=bd467e94d1c7e5d64b9df31e760c01b390c184d4
---
modules/codec/avcodec/video.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/modules/codec/avcodec/video.c b/modules/codec/avcodec/video.c
index 022dee1..2e119d0 100644
--- a/modules/codec/avcodec/video.c
+++ b/modules/codec/avcodec/video.c
@@ -136,9 +136,12 @@ static inline picture_t *ffmpeg_NewPictBuf( decoder_t *p_dec,
avcodec_align_dimensions2(p_context, &width, &height, aligns);
}
- if( width == 0 || height == 0)
- return NULL; /* invalid display size */
+ if( width == 0 || height == 0 || width > 8192 || height > 8192 )
+ {
+ msg_Err( p_dec, "Invalid frame size %dx%d.", width, height );
+ return NULL; /* invalid display size */
+ }
p_dec->fmt_out.video.i_width = width;
p_dec->fmt_out.video.i_height = height;
More information about the vlc-commits
mailing list