[FFmpeg-cvslog] avcodec/pngdec: Check blend_op.

[Michael Niedermayer]

ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Sun Oct 11 03:46:44 2015 +0200| [1e7e4f13f95227d79bc8ab9a2167f02f7a3e063f] | committer: Michael Niedermayer

avcodec/pngdec: Check blend_op.

Fixes CID1322359, CID1322358

Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1e7e4f13f95227d79bc8ab9a2167f02f7a3e063f
---

 libavcodec/pngdec.c |    5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c
index d180141..2ab456d 100644
--- a/libavcodec/pngdec.c
+++ b/libavcodec/pngdec.c
@@ -912,6 +912,11 @@ static int decode_fctl_chunk(AVCodecContext *avctx, PNGDecContext *s,
         cur_w > s->width - x_offset|| cur_h > s->height - y_offset)
             return AVERROR_INVALIDDATA;
 
+    if (blend_op != APNG_BLEND_OP_OVER && blend_op != APNG_BLEND_OP_SOURCE) {
+        av_log(avctx, AV_LOG_ERROR, "Invalid blend_op %d\n", blend_op);
+        return AVERROR_INVALIDDATA;
+    }
+
     if (sequence_number == 0 && dispose_op == APNG_DISPOSE_OP_PREVIOUS) {
         // No previous frame to revert to for the first frame
         // Spec says to just treat it as a APNG_DISPOSE_OP_BACKGROUND