From: michael <michael@9553f0bf-9b14-0410-a0b8-cfaf0461ba5b>
Date: Thu, 9 Apr 2009 18:47:50 +0000 (+0000)
Subject: Make sure the block array is of the correct size.
X-Git-Url: https://rtime.felk.cvut.cz/gitweb/frescor/ffmpeg.git/commitdiff_plain/30f2000af9b768fe903ab06504bfa12fd2cb1146

Make sure the block array is of the correct size.
This might have been exploitable.


git-svn-id: file:///var/local/repositories/ffmpeg/trunk@18393 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b
---

diff --git a/libavcodec/snow.c b/libavcodec/snow.c
index a6718f8d3..d246b9abf 100644
--- a/libavcodec/snow.c
+++ b/libavcodec/snow.c
@@ -1626,6 +1626,7 @@ static int alloc_blocks(SnowContext *s){
     s->b_width = w;
     s->b_height= h;
 
+    av_free(s->block);
     s->block= av_mallocz(w * h * sizeof(BlockNode) << (s->block_max_depth*2));
     return 0;
 }
@@ -4517,7 +4518,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac
                                               && p->hcoeff[2]==2;
     }
 
-    if(!s->block) alloc_blocks(s);
+    alloc_blocks(s);
 
     frame_start(s);
     //keyframe flag duplication mess FIXME