(parent:
d1bec33
)
iff: validate CMAP palette size
author
Kostya Shishkov
<kostya.shishkov@gmail.com>
Sun, 17 Mar 2013 19:22:19 +0000
(20:22 +0100)
committer
Luca Barbato
<lu_zero@gentoo.org>
Mon, 18 Mar 2013 09:48:29 +0000
(10:48 +0100)
Fixes CVE-2013-2495
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
CC: libav-stable@libav.org
libavformat/iff.c
diff --git
a/libavformat/iff.c
b/libavformat/iff.c
index
ab22e11
..
79f5f16
100644
(file)
--- a/
libavformat/iff.c
+++ b/
libavformat/iff.c
@@
-166,6
+166,11
@@
static int iff_read_header(AVFormatContext *s)
break;
case ID_CMAP:
+ if (data_size < 3 || data_size > 768 || data_size % 3) {
+ av_log(s, AV_LOG_ERROR, "Invalid CMAP chunk size %d\n",
+ data_size);
+ return AVERROR_INVALIDDATA;
+ }
st->codec->extradata_size = data_size;
st->codec->extradata = av_malloc(data_size);
if (!st->codec->extradata)