generic-library/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

iff: validate CMAP palette size

Browse Source 
Fixes CVE-2013-2495

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>

CC: libav-stable@libav.org
This commit is contained in:
Kostya Shishkov 2013-03-17 20:22:19 +01:00 committed by Luca Barbato
parent d1bec33b46
commit 50c449ac24
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
libavformat/iff.c
View File

@ -166,6 +166,11 @@ static int iff_read_header(AVFormatContext *s)
break; break;
case ID_CMAP: case ID_CMAP:
if (data_size < 3 || data_size > 768 || data_size % 3) {
av_log(s, AV_LOG_ERROR, "Invalid CMAP chunk size %d\n",
data_size);
return AVERROR_INVALIDDATA;
}
st->codec->extradata_size = data_size; st->codec->extradata_size = data_size;
st->codec->extradata = av_malloc(data_size); st->codec->extradata = av_malloc(data_size);
if (!st->codec->extradata) if (!st->codec->extradata)