From: Kacper Michajlow
Date: Thu, 30 Jan 2025 09:15:23 +0100
To: Michael Niedermayer
Cc: FFmpeg development discussions and patches
Subject: Re: [FFmpeg-devel] [PATCH] avcodec/h263dec: Check against previous dimensions instead of coded
In-Reply-To: <20250130015722.2069524-1-michael@niedermayer.cc>

On Thu, 30 Jan 2025 at 02:57, Michael Niedermayer wrote: > > Fixes: out of array access > Fixes: crash-a41ef3db699013f669b076f02f36942925f5a98c > > Found-by: Kacper Michajlow > Signed-off-by: Michael Niedermayer > --- > libavcodec/h263dec.c | 13 +++++++++---- > 1 file changed, 9 insertions(+), 4 deletions(-) > > diff --git a/libavcodec/h263dec.c b/libavcodec/h263dec.c > index 0c23012584e..5eefdc4602b 100644 > --- a/libavcodec/h263dec.c > +++ b/libavcodec/h263dec.c
> @@ -431,6 +431,7 @@ int ff_h263_decode_frame(AVCodecContext *avctx, AVFrame *pict, > MpegEncContext *s = avctx->priv_data; > int ret; > int slice_ret = 0; > + int bak_width, bak_height; > > /* no supplementary picture */ > if (buf_size == 0) { > @@ -482,6 +483,9 @@ retry: > if (ret < 0) > return ret; > > + bak_width = s->width; > + bak_height = s->height; > + > /* let's go :-) */ > if (CONFIG_WMV2_DECODER && s->msmpeg4_version == MSMP4_WMV2) { > ret = ff_wmv2_decode_picture_header(s); > @@ -501,11 +505,12 @@ retry: > } > > if (ret < 0 || ret == FRAME_SKIPPED) { > - if ( s->width != avctx->coded_width > - || s->height != avctx->coded_height) { > + if ( s->width != bak_width > + || s->height != bak_height) { > av_log(s->avctx, AV_LOG_WARNING, "Reverting picture dimensions change due to header decoding failure\n"); > - s->width = avctx->coded_width; > - s->height= avctx->coded_height; > + s->width = bak_width; > + s->height= bak_height; > + > } > } > if (ret == FRAME_SKIPPED) > -- > 2.48.1 > Works for me. Thanks. - Kacper _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
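Review bot: The backup added in the second hunk (`bak_width = s->width; bak_height = s->height;`) sits below the `retry:` label, so it is taken again on every pass through that label; if any path jumps back to `retry` after a header parse has already changed `s->width`/`s->height`, the backup captures the changed values and the revert in the `@@ -501,11 +505,12` hunk compares equal and does nothing. Please either confirm that cannot happen and say so in a one-line comment above the backup, or take the backup once before the label. The commit message names only "out of array access"; a sentence on why `avctx->coded_width`/`avctx->coded_height` were the wrong values to revert to would make the fix checkable from the log alone. Style: the last hunk adds an empty `+` line after `s->height= bak_height;`, leaving a stray blank line before the closing brace; drop it.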