[FFmpeg-devel] [PATCH] avfilter/vf_lut3d: check size in parse_dat()

Sat May 10 04:26:53 CEST 2014

Fixes CID1212261
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
---
 libavfilter/vf_lut3d.c |    7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/libavfilter/vf_lut3d.c b/libavfilter/vf_lut3d.c
index 85e270c..7b2f83f 100644
--- a/libavfilter/vf_lut3d.c
+++ b/libavfilter/vf_lut3d.c
@@ -274,7 +274,12 @@ static int parse_dat(AVFilterContext *ctx, FILE *f)
 
     NEXT_LINE(skip_line(line));
     if (!strncmp(line, "3DLUTSIZE ", 10)) {
-        lut3d->lutsize = size = strtol(line + 10, NULL, 0);
+        size = strtol(line + 10, NULL, 0);
+        if (size < 2 || size > MAX_LEVEL) {
+            av_log(ctx, AV_LOG_ERROR, "Too large or invalid 3D LUT size\n");
+            return AVERROR(EINVAL);
+        }
+        lut3d->lutsize = size;
         NEXT_LINE(skip_line(line));
     }
     for (k = 0; k < size; k++) {
-- 
1.7.9.5

