[FFmpeg-cvslog] Merge commit 'd34a133b78afe2793cd8537f3c7f42437f441e94'
James Almer
git at videolan.org
Sat Nov 11 05:56:17 EET 2017
ffmpeg | branch: master | James Almer <jamrial at gmail.com> | Sat Nov 11 00:54:19 2017 -0300| [ecf4e6b7205f6021fbdcf3d419733edae28d8bdd] | committer: James Almer
Merge commit 'd34a133b78afe2793cd8537f3c7f42437f441e94'
* commit 'd34a133b78afe2793cd8537f3c7f42437f441e94':
dfa: Disallow odd width/height and add proper bounds check for DDS1 chunks
Merged-by: James Almer <jamrial at gmail.com>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ecf4e6b7205f6021fbdcf3d419733edae28d8bdd
---
libavcodec/dfa.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libavcodec/dfa.c b/libavcodec/dfa.c
index 43dba2c8e9..536040d65c 100644
--- a/libavcodec/dfa.c
+++ b/libavcodec/dfa.c
@@ -149,6 +149,8 @@ static int decode_dds1(GetByteContext *gb, uint8_t *frame, int width, int height
int mask = 0x10000, bitbuf = 0;
int i, v, offset, count, segments;
+ if ((width | height) & 1)
+ return AVERROR_INVALIDDATA;
segments = bytestream2_get_le16(gb);
while (segments--) {
if (bytestream2_get_bytes_left(gb) < 2)
@@ -176,7 +178,7 @@ static int decode_dds1(GetByteContext *gb, uint8_t *frame, int width, int height
return AVERROR_INVALIDDATA;
frame += v;
} else {
- if (frame_end - frame < width + 4)
+ if (width < 4 || frame_end - frame < width + 4)
return AVERROR_INVALIDDATA;
frame[0] = frame[1] =
frame[width] = frame[width + 1] = bytestream2_get_byte(gb);
======================================================================
More information about the ffmpeg-cvslog
mailing list