[FFmpeg-cvslog] tiff: Check that there is no aliasing in pixel format selection
Anton Khirnov
git at videolan.org
Tue Mar 10 14:19:23 CET 2015
ffmpeg | branch: release/1.1 | Anton Khirnov <anton at khirnov.net> | Sat Mar 7 22:06:59 2015 +0100| [62b0462e5fa78901380ca229ddb6a7625efd61a2] | committer: Reinhard Tartler
tiff: Check that there is no aliasing in pixel format selection
Fixes possible issues with unexpected bpp/bppcount values.
CC: libav-stable at libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Bug-Id: CVE-2014-8544
(cherry picked from commit ae5e1f3d663a8c9a532d89e588cbc61f171c9186)
Signed-off-by: Luca Barbato <lu_zero at gentoo.org>
(cherry picked from commit eb9041403d820634c45ed4ee98570246a252507a)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=62b0462e5fa78901380ca229ddb6a7625efd61a2
---
libavcodec/tiff.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c
index 309f1a9..67dc5bd 100644
--- a/libavcodec/tiff.c
+++ b/libavcodec/tiff.c
@@ -236,6 +236,14 @@ static int init_image(TiffContext *s)
int i, ret;
uint32_t *pal;
+ // make sure there is no aliasing in the following switch
+ if (s->bpp >= 100 || s->bppcount >= 10) {
+ av_log(s->avctx, AV_LOG_ERROR,
+ "Unsupported image parameters: bpp=%d, bppcount=%d\n",
+ s->bpp, s->bppcount);
+ return AVERROR_INVALIDDATA;
+ }
+
switch (s->bpp * 10 + s->bppcount) {
case 11:
s->avctx->pix_fmt = AV_PIX_FMT_MONOBLACK;
More information about the ffmpeg-cvslog
mailing list