avsdec: Set dimensions instead of relying on the demuxer.
author Michael Niedermayer <michaelni@gmx.at>
Fri, 20 Apr 2012 15:42:18 +0000 (17:42 +0200)
committer Reinhard Tartler <siretart@tauware.de>
Sun, 10 Feb 2013 17:01:15 +0000 (18:01 +0100)
The decode function assumes that the video will have those dimensions.

Fixes CVE-2012-2801

CC:libav-stable@libav.org

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 85f477935cd6b34e6ec2716b20e15ce748277a89)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
libavcodec/avs.c

index 3b29c85..e8a55fd 100644 (file)
@@ -145,6 +145,7 @@ avs_decode_frame(AVCodecContext * avctx,
 static av_cold int avs_decode_init(AVCodecContext * avctx)
 {
     avctx->pix_fmt = PIX_FMT_PAL8;
+    avcodec_set_dimensions(avctx, 318, 198);
     return 0;
 }
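Review bot: the literals 318 and 198 passed to avcodec_set_dimensions() in avs_decode_init() are undocumented magic numbers, and the only explanation of them is in the commit message ("The decode function assumes that the video will have those dimensions"). Since this is a security fix, put that reasoning in the code: a short comment above the call, or named constants (for example hypothetical AVS_WIDTH / AVS_HEIGHT) that the decode path also uses, so the size set here and the size the decoder assumes cannot drift apart in a later change. The hunk only touches init, so it is also worth confirming that nothing between init and avs_decode_frame() can change avctx->width and avctx->height again; if that is possible, a check at the top of avs_decode_frame() would close the gap.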