From: Markus Koschany <apo@debian.org>
Date: Sun, 30 Dec 2018 15:54:59 +0000 (+0100)
Subject: CVE-2017-9994
X-Git-Tag: archive/raspbian/6%11.12-1_deb8u9+rpi1^2~37
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=adb577619c158ba1899ac37b3db0085fa1994cb0;p=libav.git

CVE-2017-9994

Origin: https://github.com/FFmpeg/FFmpeg/commit/6b5d3fb26fb4be48e4966e4b1d97c2165538d4ef

Gbp-Pq: Name CVE-2017-9994.patch
---

diff --git a/libavcodec/vp8.c b/libavcodec/vp8.c
index 08b72c9..9c55f5d 100644
--- a/libavcodec/vp8.c
+++ b/libavcodec/vp8.c
@@ -32,6 +32,7 @@
 #include "thread.h"
 #include "vp8.h"
 #include "vp8data.h"
+#include "libavutil/avassert.h"
 
 #if ARCH_ARM
 #   include "arm/vp8.h"
@@ -2463,6 +2464,8 @@ int vp78_decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
     enum AVDiscard skip_thresh;
     VP8Frame *av_uninit(curframe), *prev_frame;
 
+    av_assert0(avctx->pix_fmt == AV_PIX_FMT_YUVA420P || avctx->pix_fmt == AV_PIX_FMT_YUV420P);
+
     if (is_vp7)
         ret = vp7_decode_frame_header(s, avpkt->data, avpkt->size);
     else
diff --git a/libavcodec/webp.c b/libavcodec/webp.c
index 4138e54..c167537 100644
--- a/libavcodec/webp.c
+++ b/libavcodec/webp.c
@@ -1304,9 +1304,8 @@ static int vp8_lossy_decode_frame(AVCodecContext *avctx, AVFrame *p,
     if (!s->initialized) {
         ff_vp8_decode_init(avctx);
         s->initialized = 1;
-        if (s->has_alpha)
-            avctx->pix_fmt = AV_PIX_FMT_YUVA420P;
     }
+    avctx->pix_fmt = s->has_alpha ? AV_PIX_FMT_YUVA420P : AV_PIX_FMT_YUV420P;
     s->lossless = 0;
 
     if (data_size > INT_MAX) {