CVE-2017-9994

author Markus Koschany <apo@debian.org>

Sun, 30 Dec 2018 15:54:59 +0000 (16:54 +0100)

committer Markus Koschany <apo@debian.org>

Mon, 7 Jan 2019 18:45:12 +0000 (18:45 +0000)
author Markus Koschany <apo@debian.org>
Sun, 30 Dec 2018 15:54:59 +0000 (16:54 +0100)
committer Markus Koschany <apo@debian.org>
Mon, 7 Jan 2019 18:45:12 +0000 (18:45 +0000)
diff --git a/libavcodec/vp8.c b/libavcodec/vp8.c

index 08b72c98501a6fe1cd122fc9c5a711375b45dbc8..9c55f5dc67f46ebf9a7e949fa78bb92687a88779 100644 (file)
--- a/libavcodec/vp8.c
+++ b/libavcodec/vp8.c
@@ -32,6 +32,7 @@
  #include "thread.h"
  #include "vp8.h"
  #include "vp8data.h"
+#include "libavutil/avassert.h"
  
  #if ARCH_ARM
  #   include "arm/vp8.h"
@@ -2463,6 +2464,8 @@ int vp78_decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
      enum AVDiscard skip_thresh;
      VP8Frame *av_uninit(curframe), *prev_frame;
  
+    av_assert0(avctx->pix_fmt == AV_PIX_FMT_YUVA420P || avctx->pix_fmt == AV_PIX_FMT_YUV420P);
+
      if (is_vp7)
          ret = vp7_decode_frame_header(s, avpkt->data, avpkt->size);
      else
diff --git a/libavcodec/webp.c b/libavcodec/webp.c

index 4138e5414f8461a01f8355a9448d84cd355c9c14..c167537adba8f0450eb522a3f81a3a0b017e3faf 100644 (file)
--- a/libavcodec/webp.c
+++ b/libavcodec/webp.c
@@ -1304,9 +1304,8 @@ static int vp8_lossy_decode_frame(AVCodecContext *avctx, AVFrame *p,
      if (!s->initialized) {
          ff_vp8_decode_init(avctx);
          s->initialized = 1;
-        if (s->has_alpha)
-            avctx->pix_fmt = AV_PIX_FMT_YUVA420P;
      }
+    avctx->pix_fmt = s->has_alpha ? AV_PIX_FMT_YUVA420P : AV_PIX_FMT_YUV420P;
      s->lossless = 0;
  
      if (data_size > INT_MAX) {
author	Markus Koschany <apo@debian.org>
	Sun, 30 Dec 2018 15:54:59 +0000 (16:54 +0100)
committer	Markus Koschany <apo@debian.org>
	Mon, 7 Jan 2019 18:45:12 +0000 (18:45 +0000)
libavcodec/vp8.c		patch \| blob \| history
libavcodec/webp.c		patch \| blob \| history