blob: febf49cff237bfb098f95d109c088c41a1d2f0bb (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
From 656cb0450aeb73b25d7d26980af342b37ac4c568 Mon Sep 17 00:00:00 2001
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Date: Tue, 15 Feb 2022 17:58:08 +0800
Subject: [PATCH] avcodec/vp3: Add missing check for av_malloc
Since the av_malloc() may fail and return NULL pointer,
it is needed that the 's->edge_emu_buffer' should be checked
whether the new allocation is success.
Fixes: d14723861b ("VP3: fix decoding of videos with stride > 2048")
CVE: CVE-2022-3109
Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568]
Comments: Refreshed hunk
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
---
libavcodec/vp3.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c
index e9ab54d73677..e2418eb6fa04 100644
--- a/libavcodec/vp3.c
+++ b/libavcodec/vp3.c
@@ -2740,8 +2740,13 @@
if (ff_thread_get_buffer(avctx, &s->current_frame, AV_GET_BUFFER_FLAG_REF) < 0)
goto error;
- if (!s->edge_emu_buffer)
+ if (!s->edge_emu_buffer) {
s->edge_emu_buffer = av_malloc(9 * FFABS(s->current_frame.f->linesize[0]));
+ if (!s->edge_emu_buffer) {
+ ret = AVERROR(ENOMEM);
+ goto error;
+ }
+ }
if (s->keyframe) {
if (!s->theora) {
|
