File CVE-2017-13194.patch of Package libvpx

Index: libvpx-1.6.1/vpx/src/vpx_image.c
===================================================================
--- libvpx-1.6.1.orig/vpx/src/vpx_image.c
+++ libvpx-1.6.1/vpx/src/vpx_image.c
@@ -88,11 +88,10 @@ static vpx_image_t *img_alloc_helper(vpx
     default: ycs = 0; break;
   }
 
-  /* Calculate storage sizes given the chroma subsampling */
-  align = (1 << xcs) - 1;
-  w = (d_w + align) & ~align;
-  align = (1 << ycs) - 1;
-  h = (d_h + align) & ~align;
+  /* Calculate storage sizes. If the buffer was allocated externally, the width
+   * and height shouldn't be adjusted. */
+  w = d_w;
+  h = d_h;
   s = (fmt & VPX_IMG_FMT_PLANAR) ? w : bps * w / 8;
   s = (s + stride_align - 1) & ~(stride_align - 1);
   stride_in_bytes = (fmt & VPX_IMG_FMT_HIGHBITDEPTH) ? s * 2 : s;
@@ -111,9 +110,18 @@ static vpx_image_t *img_alloc_helper(vpx
   img->img_data = img_data;
 
   if (!img_data) {
-    const uint64_t alloc_size = (fmt & VPX_IMG_FMT_PLANAR)
-                                    ? (uint64_t)h * s * bps / 8
-                                    : (uint64_t)h * s;
+    uint64_t alloc_size;
+    /* Calculate storage sizes given the chroma subsampling */
+    align = (1 << xcs) - 1;
+    w = (d_w + align) & ~align;
+    align = (1 << ycs) - 1;
+    h = (d_h + align) & ~align;
+
+    s = (fmt & VPX_IMG_FMT_PLANAR) ? w : bps * w / 8;
+    s = (s + stride_align - 1) & ~(stride_align - 1);
+    stride_in_bytes = (fmt & VPX_IMG_FMT_HIGHBITDEPTH) ? s * 2 : s;
+    alloc_size = (fmt & VPX_IMG_FMT_PLANAR) ? (uint64_t)h * s * bps / 8
+                                            : (uint64_t)h * s;
 
     if (alloc_size != (size_t)alloc_size) goto fail;