falkTX
/
FFmpeg
mirror of https://github.com/falkTX/FFmpeg.git
1
0
Fork 0
Code Issues 0 Releases 338 Wiki Activity
Browse Source

avcodec/pngdec: Check IHDR/IDAT order 

Fixes out of array access
Fixes: asan_heap-oob_20a6c26_2690_cov_3434532168_mail.png
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 79ceaf827b)

Conflicts:

	libavcodec/pngdec.c
tags/n2.4.4
Michael Niedermayer 11 years ago
parent
a654f483cd
commit
f2595a6c38
1 changed files with 6 additions and 0 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +6
    -0
      libavcodec/pngdec.c

+ 6
- 0
libavcodec/pngdec.c View File

@@ -582,6 +582,12 @@ static int decode_frame(AVCodecContext *avctx,
case MKTAG('I', 'H', 'D', 'R'):
if (length != 13)
goto fail;

if (s->state & PNG_IDAT) {
av_log(avctx, AV_LOG_ERROR, "IHDR after IDAT\n");
goto fail;
}

s->width = bytestream2_get_be32(&s->gb);
s->height = bytestream2_get_be32(&s->gb);
if (av_image_check_size(s->width, s->height, 0, avctx)) {


Write Preview
Loading…
Cancel
Save