[SCM] libav/wheezy-security: h264: check that execute_decode_slices() is not called too many times
siretart at users.alioth.debian.org
siretart at users.alioth.debian.org
Sun Jun 1 21:36:12 UTC 2014
The following commit has been merged in the wheezy-security branch:
commit 7f33a24e824c6d20cb941e6b20c5382becfbc923
Author: Anton Khirnov <anton at khirnov.net>
Date: Thu Nov 28 10:54:35 2013 +0100
h264: check that execute_decode_slices() is not called too many times
Fixes invalid reads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable at libav.org
diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index 886fc04..7d1945f 100644
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -3818,6 +3818,12 @@ static int execute_decode_slices(H264Context *h, int context_count){
H264Context *hx;
int i;
+ if (s->mb_y >= s->mb_height) {
+ av_log(s->avctx, AV_LOG_ERROR,
+ "Input contains more MB rows than the frame height.\n");
+ return AVERROR_INVALIDDATA;
+ }
+
if (s->avctx->hwaccel || s->avctx->codec->capabilities&CODEC_CAP_HWACCEL_VDPAU)
return 0;
if(context_count == 1) {
--
Libav/FFmpeg packaging
More information about the pkg-multimedia-commits
mailing list