[FFmpeg-cvslog] pnm: limit maxval to UINT16_MAX
Andreas Cadhalpun
git at videolan.org
Sat Nov 12 02:38:25 EET 2016
ffmpeg | branch: master | Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com> | Thu Nov 10 20:31:02 2016 +0100| [484151df7c8f4fb45229b9b3a585efd3faa62501] | committer: Andreas Cadhalpun
pnm: limit maxval to UINT16_MAX
>From 'man ppm': The maximum color value (Maxval), again in ASCII decimal.
Must be less than 65536.
Reviewed-by: Michael Niedermayer <michael at niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=484151df7c8f4fb45229b9b3a585efd3faa62501
---
libavcodec/pnm.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/libavcodec/pnm.c b/libavcodec/pnm.c
index 1675959..4753923 100644
--- a/libavcodec/pnm.c
+++ b/libavcodec/pnm.c
@@ -107,7 +107,8 @@ int ff_pnm_decode_header(AVCodecContext *avctx, PNMContext * const s)
}
}
/* check that all tags are present */
- if (w <= 0 || h <= 0 || maxval <= 0 || depth <= 0 || tuple_type[0] == '\0' || av_image_check_size(w, h, 0, avctx) || s->bytestream >= s->bytestream_end)
+ if (w <= 0 || h <= 0 || maxval <= 0 || maxval > UINT16_MAX || depth <= 0 || tuple_type[0] == '\0' ||
+ av_image_check_size(w, h, 0, avctx) || s->bytestream >= s->bytestream_end)
return AVERROR_INVALIDDATA;
avctx->width = w;
@@ -159,7 +160,7 @@ int ff_pnm_decode_header(AVCodecContext *avctx, PNMContext * const s)
if (avctx->pix_fmt != AV_PIX_FMT_MONOWHITE && avctx->pix_fmt != AV_PIX_FMT_MONOBLACK) {
pnm_get(s, buf1, sizeof(buf1));
s->maxval = atoi(buf1);
- if (s->maxval <= 0) {
+ if (s->maxval <= 0 || s->maxval > UINT16_MAX) {
av_log(avctx, AV_LOG_ERROR, "Invalid maxval: %d\n", s->maxval);
s->maxval = 255;
}
More information about the ffmpeg-cvslog
mailing list