From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTPS id 45CF74BAEA for ; Fri, 31 Jan 2025 22:10:53 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 216F768BC15; Sat, 1 Feb 2025 00:10:49 +0200 (EET) Received: from relay7-d.mail.gandi.net (relay7-d.mail.gandi.net [217.70.183.200]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id BF70368BC15 for ; Sat, 1 Feb 2025 00:10:42 +0200 (EET) Received: by mail.gandi.net (Postfix) with ESMTPSA id 094484425D for ; Fri, 31 Jan 2025 22:10:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc; s=gm1; t=1738361442; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=dOIgHk2RCE8P5hUK2NdrEP9hLlHHnYORze3R94O19iM=; b=WTyQrz643kPfXeGKwTomy81/Amdwwc63unKKUz/NIH0cqN+m0d1S5aLFDxMw401i9u7ubW a4X/hYppknE2aunI31bOD31h37ag8oHPZmn6VBw0PUvk/LWAe+G8APu2IQquxeDAuJrH6E 2rOp+SaL5XEUMqHcXu6fEpKV5Kfl0v0qtQdVpIRfY5GtFrKVP0+9LY7M5zKSzJB0xtdXJh c8u/Lc5LmGi4rlYaSmEjDFWLkY6I/vzXD51rDlr0Q4jBPLHQf0hGTgJZJ+Hh18YDNSfyBo S7uaRVKar6uw0Y8OorXcTbko6Y8lq+Zu168JLFO9iKcVTKxiwyHJmMx0ZlMoUg== Date: Fri, 31 Jan 2025 23:10:40 +0100 From: Michael Niedermayer To: FFmpeg development discussions and patches Message-ID: <20250131221040.GG4991@pb2> References: <20250130015722.2069524-1-michael@niedermayer.cc> MIME-Version: 1.0 In-Reply-To: X-GND-State: clean X-GND-Score: -85 X-GND-Cause: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgdelleehucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuifetpfffkfdpucggtfgfnhhsuhgsshgtrhhisggvnecuuegrihhlohhuthemuceftddunecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenfghrlhcuvffnffculdduhedmnecujfgurhepfffhvffukfhfgggtuggjsehgtderredttddvnecuhfhrohhmpefoihgthhgrvghlucfpihgvuggvrhhmrgihvghruceomhhitghhrggvlhesnhhivgguvghrmhgrhigvrhdrtggtqeenucggtffrrghtthgvrhhnpeeigeektdejudffjefhteegjedtgeettefggedthfejgfevhfetgeekjedtvdfhveenucfkphepgedurdeiiedrieejrdduudefnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehinhgvthepgedurdeiiedrieejrdduudefpdhhvghloheplhhotggrlhhhohhsthdpmhgrihhlfhhrohhmpehmihgthhgrvghlsehnihgvuggvrhhmrgihvghrrdgttgdpnhgspghrtghpthhtohepuddprhgtphhtthhopehffhhmphgvghdquggvvhgvlhesfhhfmhhpvghgrdhorhhg X-GND-Sasl: michael@niedermayer.cc Subject: Re: [FFmpeg-devel] [PATCH] avcodec/h263dec: Check against previous dimensions instead of coded X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: multipart/mixed; boundary="===============6185773562371067951==" Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: --===============6185773562371067951== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="BbCbQotsDX5FqdF2" Content-Disposition: inline --BbCbQotsDX5FqdF2 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Jan 30, 2025 at 09:15:23AM +0100, Kacper Michajlow wrote: > On Thu, 30 Jan 2025 at 02:57, Michael Niedermayer > wrote: > > > > Fixes: out of array access > > Fixes: crash-a41ef3db699013f669b076f02f36942925f5a98c > > > > Found-by: Kacper Michajlow > > Signed-off-by: Michael Niedermayer > > --- > > libavcodec/h263dec.c | 13 +++++++++---- > > 1 file changed, 9 insertions(+), 4 deletions(-) > > > > diff --git a/libavcodec/h263dec.c b/libavcodec/h263dec.c > > index 0c23012584e..5eefdc4602b 100644 > > --- a/libavcodec/h263dec.c > > +++ b/libavcodec/h263dec.c > > @@ -431,6 +431,7 @@ int ff_h263_decode_frame(AVCodecContext *avctx, AVF= rame *pict, > > MpegEncContext *s =3D avctx->priv_data; > > int ret; > > int slice_ret =3D 0; > > + int bak_width, bak_height; > > > > /* no supplementary picture */ > > if (buf_size =3D=3D 0) { > > @@ -482,6 +483,9 @@ retry: > > if (ret < 0) > > return ret; > > > > + bak_width =3D s->width; > > + bak_height =3D s->height; > > + > > /* let's go :-) */ > > if (CONFIG_WMV2_DECODER && s->msmpeg4_version =3D=3D MSMP4_WMV2) { > > ret =3D ff_wmv2_decode_picture_header(s); > > @@ -501,11 +505,12 @@ retry: > > } > > > > if (ret < 0 || ret =3D=3D FRAME_SKIPPED) { > > - if ( s->width !=3D avctx->coded_width > > - || s->height !=3D avctx->coded_height) { > > + if ( s->width !=3D bak_width > > + || s->height !=3D bak_height) { > > av_log(s->avctx, AV_LOG_WARNING, "Reverting picture di= mensions change due to header decoding failure\n"); > > - s->width =3D avctx->coded_width; > > - s->height=3D avctx->coded_height; > > + s->width =3D bak_width; > > + s->height=3D bak_height; > > + > > } > > } > > if (ret =3D=3D FRAME_SKIPPED) > > -- > > 2.48.1 > > >=20 > Works for me. Thanks. will apply thx [...] --=20 Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Some people wanted to paint the bikeshed green, some blue and some pink. People argued and fought, when they finally agreed, only rust was left. --BbCbQotsDX5FqdF2 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iF0EABEKAB0WIQSf8hKLFH72cwut8TNhHseHBAsPqwUCZ51KVwAKCRBhHseHBAsP q6X2AJ9jx0rC/MATc01i0XNrLlhwuT+yPACgi8yM6LfxhZl4ZGLXa3bXgWRE5Os= =kOFE -----END PGP SIGNATURE----- --BbCbQotsDX5FqdF2-- --===============6185773562371067951== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". --===============6185773562371067951==--