2024-07-11 17:26:04 +08:00
|
|
|
From 37fce673ad98ecc05be37376189e0bf9a3370c89 Mon Sep 17 00:00:00 2001
|
2024-07-02 15:15:46 +08:00
|
|
|
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
|
2024-07-11 17:26:04 +08:00
|
|
|
Date: Wed, 26 Jun 2024 15:55:08 +0800
|
2024-07-02 15:15:46 +08:00
|
|
|
Subject: [PATCH] CVE-2022-3109
|
|
|
|
|
|
|
|
|
|
---
|
|
|
|
|
libavcodec/vp3.c | 7 ++++++-
|
|
|
|
|
1 file changed, 6 insertions(+), 1 deletion(-)
|
|
|
|
|
|
|
|
|
|
diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c
|
|
|
|
|
index a2bd2ef..0c62731 100644
|
|
|
|
|
--- a/libavcodec/vp3.c
|
|
|
|
|
+++ b/libavcodec/vp3.c
|
|
|
|
|
@@ -2740,8 +2740,13 @@ static int vp3_decode_frame(AVCodecContext *avctx,
|
|
|
|
|
if (ff_thread_get_buffer(avctx, &s->current_frame, AV_GET_BUFFER_FLAG_REF) < 0)
|
|
|
|
|
goto error;
|
|
|
|
|
|
|
|
|
|
- if (!s->edge_emu_buffer)
|
|
|
|
|
+ if (!s->edge_emu_buffer) {
|
|
|
|
|
s->edge_emu_buffer = av_malloc(9 * FFABS(s->current_frame.f->linesize[0]));
|
|
|
|
|
+ if (!s->edge_emu_buffer) {
|
|
|
|
|
+ ret = AVERROR(ENOMEM);
|
|
|
|
|
+ goto error;
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
|
|
|
|
|
|
|
|
|
if (s->keyframe) {
|
|
|
|
|
if (!s->theora) {
|
|
|
|
|
--
|
|
|
|
|
2.43.0
|
|
|
|
|
|
