mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2024-12-23 12:43:46 +02:00
iff: validate CMAP palette size
Fixes CVE-2013-2495 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Luca Barbato <lu_zero@gentoo.org> CC: libav-stable@libav.org
This commit is contained in:
parent
d1bec33b46
commit
50c449ac24
@ -166,6 +166,11 @@ static int iff_read_header(AVFormatContext *s)
|
||||
break;
|
||||
|
||||
case ID_CMAP:
|
||||
if (data_size < 3 || data_size > 768 || data_size % 3) {
|
||||
av_log(s, AV_LOG_ERROR, "Invalid CMAP chunk size %d\n",
|
||||
data_size);
|
||||
return AVERROR_INVALIDDATA;
|
||||
}
|
||||
st->codec->extradata_size = data_size;
|
||||
st->codec->extradata = av_malloc(data_size);
|
||||
if (!st->codec->extradata)
|
||||
|
Loading…
Reference in New Issue
Block a user