[FFmpeg-cvslog] avformat/apngdec: Check fcTL chunk length when reading header
Andreas Rheinhardt
git at videolan.org
Tue Nov 3 15:49:02 EET 2020
ffmpeg | branch: master | Andreas Rheinhardt <andreas.rheinhardt at gmail.com> | Sat Oct 31 14:07:27 2020 +0100| [d9363b56a6b134e90fff8098cbd46a642f9cf99d] | committer: Andreas Rheinhardt
avformat/apngdec: Check fcTL chunk length when reading header
Reading the header terminates when an fcTL chunk is encountered in which
case read_header returned success without checking the length of said
chunk. Yet when read_packet processes this chunk, it checks for the
length to be 26 and errors out otherwise. So do so when reading the header,
too.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d9363b56a6b134e90fff8098cbd46a642f9cf99d
---
libavformat/apngdec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/apngdec.c b/libavformat/apngdec.c
index d8d0de190f..6b2ce2e251 100644
--- a/libavformat/apngdec.c
+++ b/libavformat/apngdec.c
@@ -226,7 +226,7 @@ static int apng_read_header(AVFormatContext *s)
ctx->num_frames, ctx->num_play);
break;
case MKTAG('f', 'c', 'T', 'L'):
- if (!acTL_found) {
+ if (!acTL_found || len != 26) {
ret = AVERROR_INVALIDDATA;
goto fail;
}
More information about the ffmpeg-cvslog
mailing list