Update dimensions in AVCodecContext when RV3/4 frame dimensions change Originally committed as revision 20572 to svn://svn.ffmpeg.org/ffmpeg/trunk (cherry picked from commit ec10d2d53999f6edf7d7b5ac88df263eccfb1fb0) Fixes heap corruption crashes Addresses: CVE-2011-0722 Signed-off-by: Reinhard Tartler <siretart@tauware.de>

commit: 44511b17cbbb524602c91a198e7314fa57a7062a [log] [tgz]
author: Kostya Shishkov <kostya.shishkov@gmail.com> Sun Nov 22 07:48:35 2009 +0000
committer: Reinhard Tartler <siretart@tauware.de> Fri Feb 04 06:42:29 2011 +0100
tree: 6927365ec8f8a3b2196c1cd21a9fc16b66a189fd
parent: 48b086b0efa40799ace96bcec010b6b72a9490d6 [diff]
diff --git a/libavcodec/rv34.c b/libavcodec/rv34.c
index c227707..9fe3919 100644
--- a/libavcodec/rv34.c
+++ b/libavcodec/rv34.c

@@ -1247,8 +1247,8 @@
         if(s->width != r->si.width || s->height != r->si.height){
             av_log(s->avctx, AV_LOG_DEBUG, "Changing dimensions to %dx%d\n", r->si.width,r->si.height);
             MPV_common_end(s);
-            s->width  = r->si.width;
-            s->height = r->si.height;
+            s->width  = s->avctx->width  = r->si.width;
+            s->height = s->avctx->height = r->si.height;
             if(MPV_common_init(s) < 0)
                 return -1;
             r->intra_types_hist = av_realloc(r->intra_types_hist, s->b4_stride * 4 * 2 * sizeof(*r->intra_types_hist));
commit	44511b17cbbb524602c91a198e7314fa57a7062a	[log] [tgz]
author	Kostya Shishkov <kostya.shishkov@gmail.com>	Sun Nov 22 07:48:35 2009 +0000
committer	Reinhard Tartler <siretart@tauware.de>	Fri Feb 04 06:42:29 2011 +0100
tree	6927365ec8f8a3b2196c1cd21a9fc16b66a189fd
parent	48b086b0efa40799ace96bcec010b6b72a9490d6 [diff]