diff options
| author | Reinhard Tartler <siretart@tauware.de> | 2010-02-11 20:57:49 +0000 |
|---|---|---|
| committer | Reinhard Tartler <siretart@tauware.de> | 2010-02-11 20:57:49 +0000 |
| commit | 48b98cdc677370b8251b0491820ce695b7d76a23 (patch) | |
| tree | 5051e062d6c2f71194b49f40c51e97e4e267b127 | |
| parent | 9d442d2d7d24cae9eeaba1f8eee7ec58a4e7d272 (diff) | |
Make sure the block array is of the correct size.
This might have been exploitable.
backported r18393 by michael
Originally committed as revision 21758 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
| -rw-r--r-- | libavcodec/snow.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/libavcodec/snow.c b/libavcodec/snow.c index 5a8bcb8fb6..fbffce8429 100644 --- a/libavcodec/snow.c +++ b/libavcodec/snow.c @@ -1626,6 +1626,7 @@ static int alloc_blocks(SnowContext *s){ s->b_width = w; s->b_height= h; + av_free(s->block); s->block= av_mallocz(w * h * sizeof(BlockNode) << (s->block_max_depth*2)); return 0; } @@ -4515,7 +4516,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, const && p->hcoeff[2]==2; } - if(!s->block) alloc_blocks(s); + alloc_blocks(s); frame_start(s); //keyframe flag duplication mess FIXME |