AMV: disable DR1 and don't override EMU_EDGE
authorMichael Niedermayer <michaelni@gmx.at>
Thu, 28 Apr 2011 19:10:04 +0000 (21:10 +0200)
committerReinhard Tartler <siretart@sandy.tauware.de>
Sat, 30 Apr 2011 06:19:29 +0000 (08:19 +0200)
This works around a possibly exploitable crash.
Appearently, vlc can be exploited with a malicous file. This should get
reverted as soon as a proper fix is found.

Reported-at: Thu, 21 Apr 2011 14:38:25 +0000
Reported-by: Dominic Chell <Dominic.Chell@ngssecure.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 89f903b3d5ec38c9c5d90fba7e626fa0eda61a32)
(cherry picked from commit 9b919571e506fbb72b81a35ca1e7c1bd6efc4209)
(cherry picked from commit 7089265756a84bf884a7c2290c6cda38d4dfd60f)

Signed-off-by: Reinhard Tartler <siretart@sandy.tauware.de>
libavcodec/sp5xdec.c

index 754926a..0899902 100644 (file)
@@ -90,7 +90,6 @@ static int sp5x_decode_frame(AVCodecContext *avctx,
     recoded[j++] = 0xFF;
     recoded[j++] = 0xD9;
 
-    avctx->flags &= ~CODEC_FLAG_EMU_EDGE;
     av_init_packet(&avpkt_recoded);
     avpkt_recoded.data = recoded;
     avpkt_recoded.size = j;
@@ -216,6 +215,6 @@ AVCodec amv_decoder = {
     NULL,
     ff_mjpeg_decode_end,
     sp5x_decode_frame,
-    CODEC_CAP_DR1,
+    0,
     .long_name = NULL_IF_CONFIG_SMALL("AMV Video"),
 };