Skip to content

Commit e724bd1

Browse files
committed
avcodec/utvideodec: Check subsample factors
Fixes: Out of array read Fixes: heap_poc Found-by: GwanYeong Kim <gy741.kim@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7414d0b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
1 parent 11d0464 commit e724bd1

File tree

1 file changed

+9
-0
lines changed

1 file changed

+9
-0
lines changed

Diff for: libavcodec/utvideodec.c

+9
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,7 @@
2828
#include <stdlib.h>
2929

3030
#include "libavutil/intreadwrite.h"
31+
#include "libavutil/pixdesc.h"
3132
#include "avcodec.h"
3233
#include "bswapdsp.h"
3334
#include "bytestream.h"
@@ -474,6 +475,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
474475
static av_cold int decode_init(AVCodecContext *avctx)
475476
{
476477
UtvideoContext * const c = avctx->priv_data;
478+
int h_shift, v_shift;
477479

478480
c->avctx = avctx;
479481

@@ -538,6 +540,13 @@ static av_cold int decode_init(AVCodecContext *avctx)
538540
return AVERROR_INVALIDDATA;
539541
}
540542

543+
av_pix_fmt_get_chroma_sub_sample(avctx->pix_fmt, &h_shift, &v_shift);
544+
if ((avctx->width & ((1<<h_shift)-1)) ||
545+
(avctx->height & ((1<<v_shift)-1))) {
546+
avpriv_request_sample(avctx, "Odd dimensions");
547+
return AVERROR_PATCHWELCOME;
548+
}
549+
541550
return 0;
542551
}
543552

0 commit comments

Comments
 (0)