[FFmpeg-devel] [PATCH] avcodec/gifdec: truncate too big width/height for invalid gif files

Carl Eugen Hoyos ceffmpeg at gmail.com
Wed Dec 12 16:59:49 EET 2018


2018-12-12 13:47 GMT+01:00, Tomas Härdin <tjoppen at acc.umu.se>:
> mån 2018-12-10 klockan 13:34 +0100 skrev Paul B Mahol:
>> Fixes #6874.
>>
>> > Signed-off-by: Paul B Mahol <onemda at gmail.com>
>> ---
>>  libavcodec/gifdec.c | 16 ++++++++++++----
>>  1 file changed, 12 insertions(+), 4 deletions(-)
>>
>> diff --git a/libavcodec/gifdec.c b/libavcodec/gifdec.c
>> index 54f1d4c0ba..0eb1c21d99 100644
>> --- a/libavcodec/gifdec.c
>> +++ b/libavcodec/gifdec.c
>> @@ -179,12 +179,20 @@ static int gif_read_image(GifState *s, AVFrame
>> *frame)
>>      }
>>
>>      /* verify that all the image is inside the screen dimensions */
>> -    if (!width || width > s->screen_width || left >= s->screen_width) {
>> -        av_log(s->avctx, AV_LOG_ERROR, "Invalid image width.\n");
>> +    if (!width || width > s->screen_width) {
>> +        av_log(s->avctx, AV_LOG_WARNING, "Invalid image width: %d,
>> truncating.\n", width);
>> +        width = s->screen_width;
>> +    }
>> +    if (left >= s->screen_width) {
>> +        av_log(s->avctx, AV_LOG_ERROR, "Invalid left position: %d.\n",
>> left);
>>          return AVERROR_INVALIDDATA;
>>      }
>> -    if (!height || height > s->screen_height || top >= s->screen_height)
>> {
>> -        av_log(s->avctx, AV_LOG_ERROR, "Invalid image height.\n");
>> +    if (!height || height > s->screen_height) {
>> +        av_log(s->avctx, AV_LOG_WARNING, "Invalid image height,
>> truncating: %d.\n", height);
>> +        height = s->screen_height;
>> +    }
>> +    if (top >= s->screen_height) {
>> +        av_log(s->avctx, AV_LOG_ERROR, "Invalid top position: %d.\n",
>> top);
>>          return AVERROR_INVALIDDATA;
>>      }
>>      if (left + width > s->screen_width) {
>
> Looks OK. Out of curiosity: do the files decode to something sensible,
> or mostly glitchy goodness?

I was unable to find another player that failed for the sample
(may all be libgif-based).

Carl Eugen


More information about the ffmpeg-devel mailing list