[FFmpeg-devel] [PATCH 2/2] avformat/apngdec: validate frame dimensions.

[Benoit Fouet]

---
 libavformat/apngdec.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libavformat/apngdec.c b/libavformat/apngdec.c
index dac71f1..e9c87a1 100644
--- a/libavformat/apngdec.c
+++ b/libavformat/apngdec.c
@@ -295,7 +295,9 @@ static int decode_fctl_chunk(AVFormatContext *s, APNGDemuxContext *ctx, AVPacket
         height != s->streams[0]->codec->height ||
         x_offset != 0 ||
         y_offset != 0) {
-        if (sequence_number == 0)
+        if (sequence_number == 0 ||
+            width  + x_offset > s->streams[0]->codec->width ||
+            height + y_offset > s->streams[0]->codec->height)
             return AVERROR_INVALIDDATA;
         ctx->is_key_frame = 0;
     } else {
-- 
2.2.0.rc2.23.gca0107e