From 48b086b0efa40799ace96bcec010b6b72a9490d6 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 22 Apr 2009 01:54:05 +0000 Subject: [PATCH] Update safety check as the maximum pixel size is no longer 4. New max size is 16bit * 4 samples (RGBA). Originally committed as revision 18655 to svn://svn.ffmpeg.org/ffmpeg/trunk (cherry picked from commit 445f0a8b666a34e6402f6ae96c6804c8bc024baa) Addresses: CVE-2010-3908 Signed-off-by: Reinhard Tartler --- libavcodec/utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index f628774cd7..acfafa1344 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -189,7 +189,7 @@ void avcodec_align_dimensions(AVCodecContext *s, int *width, int *height){ } int avcodec_check_dimensions(void *av_log_ctx, unsigned int w, unsigned int h){ - if((int)w>0 && (int)h>0 && (w+128)*(uint64_t)(h+128) < INT_MAX/4) + if((int)w>0 && (int)h>0 && (w+128)*(uint64_t)(h+128) < INT_MAX/8) return 0; av_log(av_log_ctx, AV_LOG_ERROR, "picture size invalid (%ux%u)\n", w, h);