[FFmpeg-cvslog] pnm: limit maxval to UINT16_MAX

Andreas Cadhalpun git at videolan.org
Sat Nov 12 02:38:25 EET 2016


ffmpeg | branch: master | Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com> | Thu Nov 10 20:31:02 2016 +0100| [484151df7c8f4fb45229b9b3a585efd3faa62501] | committer: Andreas Cadhalpun

pnm: limit maxval to UINT16_MAX

>From 'man ppm': The maximum color value (Maxval), again in ASCII decimal.
                Must be less than 65536.

Reviewed-by: Michael Niedermayer <michael at niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=484151df7c8f4fb45229b9b3a585efd3faa62501
---

 libavcodec/pnm.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/libavcodec/pnm.c b/libavcodec/pnm.c
index 1675959..4753923 100644
--- a/libavcodec/pnm.c
+++ b/libavcodec/pnm.c
@@ -107,7 +107,8 @@ int ff_pnm_decode_header(AVCodecContext *avctx, PNMContext * const s)
             }
         }
         /* check that all tags are present */
-        if (w <= 0 || h <= 0 || maxval <= 0 || depth <= 0 || tuple_type[0] == '\0' || av_image_check_size(w, h, 0, avctx) || s->bytestream >= s->bytestream_end)
+        if (w <= 0 || h <= 0 || maxval <= 0 || maxval > UINT16_MAX || depth <= 0 || tuple_type[0] == '\0' ||
+            av_image_check_size(w, h, 0, avctx) || s->bytestream >= s->bytestream_end)
             return AVERROR_INVALIDDATA;
 
         avctx->width  = w;
@@ -159,7 +160,7 @@ int ff_pnm_decode_header(AVCodecContext *avctx, PNMContext * const s)
     if (avctx->pix_fmt != AV_PIX_FMT_MONOWHITE && avctx->pix_fmt != AV_PIX_FMT_MONOBLACK) {
         pnm_get(s, buf1, sizeof(buf1));
         s->maxval = atoi(buf1);
-        if (s->maxval <= 0) {
+        if (s->maxval <= 0 || s->maxval > UINT16_MAX) {
             av_log(avctx, AV_LOG_ERROR, "Invalid maxval: %d\n", s->maxval);
             s->maxval = 255;
         }



More information about the ffmpeg-cvslog mailing list