mpeg12: do not decode extradata more than once.
authorAnton Khirnov <anton@khirnov.net>
Thu, 13 Dec 2012 16:53:31 +0000 (17:53 +0100)
committerReinhard Tartler <siretart@tauware.de>
Tue, 12 Feb 2013 06:12:00 +0000 (07:12 +0100)
Fixes CVE-2012-2803.

(cherry picked from commit 582368626188c070d4300913c6da5efa4c24cfb2)
(cherry picked from commit 301761792a693a1f3303a2af34a0fb066a03c10c)

Conflicts:

libavcodec/mpeg12.c

libavcodec/mpeg12.c

index 9e67ee5..95d1282 100644 (file)
@@ -1163,6 +1163,7 @@ typedef struct Mpeg1Context {
     int save_width, save_height;
     AVRational frame_rate_ext;       ///< MPEG-2 specific framerate modificator
 
+    int extradata_decoded;
 } Mpeg1Context;
 
 static av_cold int mpeg_decode_init(AVCodecContext *avctx)
@@ -2299,8 +2300,10 @@ static int mpeg_decode_frame(AVCodecContext *avctx,
 
     s->slice_count= 0;
 
-    if(avctx->extradata && !avctx->frame_number)
+    if (avctx->extradata && !s->extradata_decoded) {
         decode_chunks(avctx, picture, data_size, avctx->extradata, avctx->extradata_size);
+        s->extradata_decoded = 1;
+    }
 
     return decode_chunks(avctx, picture, data_size, buf, buf_size);
 }