vp8: fix crash due to skiped update_dimensions().
authorMichael Niedermayer <michaelni@gmx.at>
Mon, 23 Apr 2012 01:29:48 +0000 (03:29 +0200)
committerMichael Niedermayer <michaelni@gmx.at>
Mon, 23 Apr 2012 08:47:33 +0000 (10:47 +0200)
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
libavcodec/vp8.c

index 07e5b61..1ca5bab 100644 (file)
@@ -108,7 +108,7 @@ static void vp8_decode_flush(AVCodecContext *avctx)
 
 static int update_dimensions(VP8Context *s, int width, int height)
 {
-    if (width  != s->avctx->width ||
+    if (width  != s->avctx->width || ((width+15)/16 != s->mb_width || (height+15)/16 != s->mb_height) && s->macroblocks_base ||
         height != s->avctx->height) {
         if (av_image_check_size(width, height, 0, s->avctx))
             return AVERROR_INVALIDDATA;
@@ -333,7 +333,7 @@ static int decode_frame_header(VP8Context *s, const uint8_t *buf, int buf_size)
     }
 
     if (!s->macroblocks_base || /* first frame */
-        width != s->avctx->width || height != s->avctx->height) {
+        width != s->avctx->width || height != s->avctx->height || (width+15)/16 != s->mb_width || (height+15)/16 != s->mb_height) {
         if ((ret = update_dimensions(s, width, height)) < 0)
             return ret;
     }