From 00f4612675623872d73121af76bac6b33347b278 Mon Sep 17 00:00:00 2001
From: Markus Koschany <apo@debian.org>
Date: Sun, 30 Dec 2018 15:14:44 +0100
Subject: [PATCH] CVE-2018-7557

Origin: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/7414d0bda7763f9bd69c26c068e482ab297c1c96

Gbp-Pq: Name CVE-2018-7557.patch
---
 libavcodec/utvideodec.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/libavcodec/utvideodec.c b/libavcodec/utvideodec.c
index bb8c7aa..553f45d 100644
--- a/libavcodec/utvideodec.c
+++ b/libavcodec/utvideodec.c
@@ -28,6 +28,7 @@
 #include <stdlib.h>
 
 #include "libavutil/intreadwrite.h"
+#include "libavutil/pixdesc.h"
 #include "avcodec.h"
 #include "bswapdsp.h"
 #include "bytestream.h"
@@ -477,6 +478,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
 static av_cold int decode_init(AVCodecContext *avctx)
 {
     UtvideoContext * const c = avctx->priv_data;
+    int h_shift, v_shift;
 
     c->avctx = avctx;
 
@@ -541,6 +543,13 @@ static av_cold int decode_init(AVCodecContext *avctx)
         return AVERROR_INVALIDDATA;
     }
 
+    av_pix_fmt_get_chroma_sub_sample(avctx->pix_fmt, &h_shift, &v_shift);
+    if ((avctx->width  & ((1<<h_shift)-1)) ||
+        (avctx->height & ((1<<v_shift)-1))) {
+        avpriv_request_sample(avctx, "Odd dimensions");
+        return AVERROR_PATCHWELCOME;
+    }
+
     return 0;
 }
 
-- 
2.30.2