[FFmpeg-cvslog] gifdec: check that w,h is not zero

Michael Niedermayer git at videolan.org
Fri Jan 25 03:44:22 CET 2013


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Fri Jan 25 00:03:59 2013 +0100| [286930d302fd34cfc2541bfdd760a8bbf9f2d2e5] | committer: Michael Niedermayer

gifdec: check that w,h is not zero

Fixes out of array access

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=286930d302fd34cfc2541bfdd760a8bbf9f2d2e5
---

 libavcodec/gifdec.c |    2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavcodec/gifdec.c b/libavcodec/gifdec.c
index 2d9f8b4..d52f2d5 100644
--- a/libavcodec/gifdec.c
+++ b/libavcodec/gifdec.c
@@ -187,6 +187,8 @@ static int gif_read_image(GifState *s)
     if (left + width > s->screen_width ||
         top + height > s->screen_height)
         return AVERROR_INVALIDDATA;
+    if (width <= 0 || height <= 0)
+        return AVERROR_INVALIDDATA;
 
     /* process disposal method */
     if (s->gce_prev_disposal == GCE_DISPOSAL_BACKGROUND) {



More information about the ffmpeg-cvslog mailing list