[FFmpeg-cvslog] avfilter/vf_lut3d: check size in parse_dat()
Michael Niedermayer
git at videolan.org
Sat May 10 14:54:07 CEST 2014
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Sat May 10 04:25:43 2014 +0200| [2e55f3e90715418ffc6da70363c2bb6ab658481e] | committer: Michael Niedermayer
avfilter/vf_lut3d: check size in parse_dat()
Fixes CID1212261
Reviewed-by: Clément Bœsch <u at pkh.me>
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2e55f3e90715418ffc6da70363c2bb6ab658481e
---
libavfilter/vf_lut3d.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/libavfilter/vf_lut3d.c b/libavfilter/vf_lut3d.c
index 85e270c..7b2f83f 100644
--- a/libavfilter/vf_lut3d.c
+++ b/libavfilter/vf_lut3d.c
@@ -274,7 +274,12 @@ static int parse_dat(AVFilterContext *ctx, FILE *f)
NEXT_LINE(skip_line(line));
if (!strncmp(line, "3DLUTSIZE ", 10)) {
- lut3d->lutsize = size = strtol(line + 10, NULL, 0);
+ size = strtol(line + 10, NULL, 0);
+ if (size < 2 || size > MAX_LEVEL) {
+ av_log(ctx, AV_LOG_ERROR, "Too large or invalid 3D LUT size\n");
+ return AVERROR(EINVAL);
+ }
+ lut3d->lutsize = size;
NEXT_LINE(skip_line(line));
}
for (k = 0; k < size; k++) {
More information about the ffmpeg-cvslog
mailing list