[FFmpeg-devel] [PATCH]lavc/gifdec: Do not error out on resolution bigger than screen size

Michael Niedermayer michael at niedermayer.cc
Mon Nov 27 14:29:10 EET 2017 

On Mon, Nov 27, 2017 at 03:05:27AM +0100, Carl Eugen Hoyos wrote:
> Hi!
> 
> Attached patch fixes ticket #6874 for me.
> I don't think it makes much sense to discuss what the specification
> means with "logical screen size" and "raster screen size" and
> "physical display": Not only do other decoders accept such files, our
> decoder already contains the necessary code to crop the image.
> I believe that it could at least be argued that the specification
> allows such files.
> 
> Please comment, Carl Eugen

>  gifdec.c |    4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 120f9d9fde11cb243440c9c4ba2051904bfc2c9c  0001-lavc-gifdec-Do-not-error-out-if-resolution-is-bigger.patch
> From 47f5d312461a0d30cd1e70d819ae1daefbb5eebb Mon Sep 17 00:00:00 2001
> From: Carl Eugen Hoyos <ceffmpeg at gmail.com>
> Date: Mon, 27 Nov 2017 02:57:50 +0100
> Subject: [PATCH] lavc/gifdec: Do not error out if resolution is bigger than
>  screen dimension.
> 
> This is what other decoders do.
> 
> Fixes ticket #6874.

this makes the decoder crash

[gif @ 0x25588b40] LZW decode failed
[gif @ 0x25588b40] LZW decode failedtime=00:00:00.10 bitrate=N/A speed=0.171x
    Last message repeated 2 times
[gif @ 0x25588b40] Image too wide by 16384, truncating.
==1782== Invalid write of size 1
==1782==    at 0x978928: ff_lzw_decode (in ffmpeg/ffmpeg_g)
==1782==    by 0x893C47: gif_decode_frame (in ffmpeg/ffmpeg_g)
==1782==    by 0x7F8976: decode_receive_frame_internal (in ffmpeg/ffmpeg_g)
==1782==    by 0x7F9537: avcodec_send_packet (in ffmpeg/ffmpeg_g)
==1782==    by 0x4C93CB: decode_video (in ffmpeg/ffmpeg_g)
==1782==    by 0x4CC332: process_input (in ffmpeg/ffmpeg_g)
==1782==    by 0x4AB176: main (in ffmpeg/ffmpeg_g)
==1782==  Address 0x257565db is 0 bytes after a block of size 91 alloc'd
==1782==    at 0x4C2A6C5: memalign (vg_replace_malloc.c:727)
==1782==    by 0x4C2A760: posix_memalign (vg_replace_malloc.c:876)
==1782==    by 0x108446C: av_fast_malloc (in ffmpeg/ffmpeg_g)
==1782==    by 0x8937D3: gif_decode_frame (in ffmpeg/ffmpeg_g)
==1782==    by 0x7F8976: decode_receive_frame_internal (in ffmpeg/ffmpeg_g)
==1782==    by 0x7F9537: avcodec_send_packet (in ffmpeg/ffmpeg_g)
==1782==    by 0x4C93CB: decode_video (in ffmpeg/ffmpeg_g)
==1782==    by 0x4CC332: process_input (in ffmpeg/ffmpeg_g)
==1782==    by 0x4AB176: main (in ffmpeg/ffmpeg_g)


[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

"You are 36 times more likely to die in a bathtub than at the hands of a
terrorist. Also, you are 2.5 times more likely to become a president and
2 times more likely to become an astronaut, than to die in a terrorist
attack." -- Thoughty2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20171127/388737b4/attachment.sig>

More information about the ffmpeg-devel mailing list