[FFmpeg-cvslog] avformat/apngenc: Check fcTL size
Andreas Rheinhardt
git at videolan.org
Sat Jul 9 20:45:59 EEST 2022
ffmpeg | branch: master | Andreas Rheinhardt <andreas.rheinhardt at outlook.com> | Mon Jul 4 15:35:04 2022 +0200| [f89446eaff0537bbf6e390584d32375c6b65ea2f] | committer: Andreas Rheinhardt
avformat/apngenc: Check fcTL size
The remaining code relies on it having the value it should have.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at outlook.com>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f89446eaff0537bbf6e390584d32375c6b65ea2f
---
libavformat/apngenc.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/libavformat/apngenc.c b/libavformat/apngenc.c
index 7443c77504..1c039685f2 100644
--- a/libavformat/apngenc.c
+++ b/libavformat/apngenc.c
@@ -27,6 +27,7 @@
#include "libavutil/intreadwrite.h"
#include "libavutil/log.h"
#include "libavutil/opt.h"
+#include "libavcodec/apng.h"
#include "libavcodec/png.h"
typedef struct APNGMuxContext {
@@ -181,6 +182,9 @@ static int flush_packet(AVFormatContext *format_context, AVPacket *packet)
if (existing_fcTL_chunk) {
AVRational delay;
+ if (AV_RB32(existing_fcTL_chunk) != APNG_FCTL_CHUNK_SIZE)
+ return AVERROR_INVALIDDATA;
+
existing_fcTL_chunk += 8;
delay.num = AV_RB16(existing_fcTL_chunk + 20);
delay.den = AV_RB16(existing_fcTL_chunk + 22);
More information about the ffmpeg-cvslog
mailing list