From 6de226a2b8b703abc823f18c3fd7f39a0787aeb5 Mon Sep 17 00:00:00 2001
From: Kostya Shishkov <kostya.shishkov@gmail.com>
Date: Mon, 14 May 2012 19:46:54 +0200
Subject: indeo3: validate new frame size before resetting decoder

---
 libavcodec/indeo3.c | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'libavcodec/indeo3.c')

diff --git a/libavcodec/indeo3.c b/libavcodec/indeo3.c
index e5b2ea7ef0..d526d910da 100644
--- a/libavcodec/indeo3.c
+++ b/libavcodec/indeo3.c
@@ -900,6 +900,14 @@ static int decode_frame_headers(Indeo3DecodeContext *ctx, AVCodecContext *avctx,
 
         av_dlog(avctx, "Frame dimensions changed!\n");
 
+        if (width  < 16 || width  > 640 ||
+            height < 16 || height > 480 ||
+            width  &  3 || height &   3) {
+            av_log(avctx, AV_LOG_ERROR,
+                   "Invalid picture dimensions: %d x %d!\n", width, height);
+            return AVERROR_INVALIDDATA;
+        }
+
         ctx->width  = width;
         ctx->height = height;
 
-- 
cgit v1.2.3