Fixes possible issues with unexpected bpp/bppcount values.
CC: libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Bug-Id: CVE-2014-8544
(cherry picked from commit
ae5e1f3d663a8c9a532d89e588cbc61f171c9186)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
{
int ret;
+ // make sure there is no aliasing in the following switch
+ if (s->bpp >= 100 || s->bppcount >= 10) {
+ av_log(s->avctx, AV_LOG_ERROR,
+ "Unsupported image parameters: bpp=%d, bppcount=%d\n",
+ s->bpp, s->bppcount);
+ return AVERROR_INVALIDDATA;
+ }
+
switch (s->bpp * 10 + s->bppcount) {
case 11:
s->avctx->pix_fmt = AV_PIX_FMT_MONOBLACK;