From 72810d20b74f05cc4b214d6c277fa6f43160df54 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Mon, 8 May 2017 14:43:03 +0200
Subject: [PATCH] avcodec/webp: Update canvas size in vp8_lossy_decode_frame()
 as in vp8_lossless_decode_frame()

Fixes: 1407/clusterfuzz-testcase-minimized-6044604124102656
Fixes: 1420/clusterfuzz-testcase-minimized-6059927359455232

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/webp.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/webp.c b/libavcodec/webp.c
index 21e3bcfa0a..16c3ae2662 100644
--- a/libavcodec/webp.c
+++ b/libavcodec/webp.c
@@ -1351,6 +1351,9 @@ static int vp8_lossy_decode_frame(AVCodecContext *avctx, AVFrame *p,
     ret = ff_vp8_decode_frame(avctx, p, got_frame, &pkt);
     if (ret < 0)
         return ret;
+
+    update_canvas_size(avctx, avctx->width, avctx->height);
+
     if (s->has_alpha) {
         ret = vp8_lossy_decode_alpha(avctx, p, s->alpha_data,
                                      s->alpha_data_size);
-- 
2.11.0