aboutsummaryrefslogtreecommitdiffstats
path: root/media-video/mplayer/files/mplayer-1.3-CVE-2016-4352.patch
blob: 4eabf8b5f28c2d226e274eacb6b2188c33cbf3bb (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
https://trac.mplayerhq.hu/ticket/2295

r37857

--- old/libmpdemux/demux_gif.c
+++ new/libmpdemux/demux_gif.c
@@ -304,6 +304,17 @@
     return NULL;
   }
 
+  // Validate image size, most code in this demuxer assumes w*h <= INT_MAX
+  if ((int64_t)gif->SWidth * gif->SHeight > INT_MAX) {
+    mp_msg(MSGT_DEMUX, MSGL_ERR,
+           "[demux_gif] Unsupported picture size %dx%d.\n", gif->SWidth,
+           gif->SHeight);
+    if (DGifCloseFile(gif) == GIF_ERROR)
+      print_gif_error(NULL);
+    free(priv);
+    return NULL;
+  }
+
   // create a new video stream header
   sh_video = new_sh_video(demuxer, 0);