[FFmpeg-devel] msvideo1_decode_init: check frame dimensions

Submitted by Xiao Yang on June 12, 2018, 12:45 a.m.

Details

Message ID SIXPR01MB05600269704BFA46013412D3AD7F0@SIXPR01MB0560.apcprd01.prod.exchangelabs.com
State New
Headers show

Commit Message

Xiao Yang June 12, 2018, 12:45 a.m.
---
 libavcodec/msvideo1.c |    7 +++++++
 1 file changed, 7 insertions(+)

Comments

Michael Niedermayer June 13, 2018, 2:29 p.m.
On Tue, Jun 12, 2018 at 12:45:00AM +0000, Xiao Yang wrote:
> ---
>  libavcodec/msvideo1.c |    7 +++++++
>  1 file changed, 7 insertions(+)

please provide a reproducabel testcase that shows the problem this fixes

[...]

Patch hide | download patch | download mbox

diff --git a/libavcodec/msvideo1.c b/libavcodec/msvideo1.c
index 29700f5..04c5ebb 100644
--- a/libavcodec/msvideo1.c
+++ b/libavcodec/msvideo1.c
@@ -73,6 +73,13 @@  static av_cold int msvideo1_decode_init(AVCodecContext *avctx)
         avctx->pix_fmt = AV_PIX_FMT_RGB555;
     }
 
+    if (!avctx->width || !avctx->height ||
+        (avctx->width & 1) || (avctx->height & 1)) {
+        av_log(avctx, AV_LOG_ERROR, "Invalid video dimensions: %dx%d\n",
+               avctx->width, avctx->height);
+        return AVERROR(EINVAL);
+    }
+
     s->frame = av_frame_alloc();
     if (!s->frame)
         return AVERROR(ENOMEM);