[FFmpeg-devel] [PATCH 3/5] avformat/apngenc: Check fcTL size
Andreas Rheinhardt
andreas.rheinhardt at outlook.com
Mon Jul 4 18:25:18 EEST 2022
The remaining code relies on it having the value it should have.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at outlook.com>
---
libavformat/apngenc.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/libavformat/apngenc.c b/libavformat/apngenc.c
index 7443c77504..1c039685f2 100644
--- a/libavformat/apngenc.c
+++ b/libavformat/apngenc.c
@@ -27,6 +27,7 @@
#include "libavutil/intreadwrite.h"
#include "libavutil/log.h"
#include "libavutil/opt.h"
+#include "libavcodec/apng.h"
#include "libavcodec/png.h"
typedef struct APNGMuxContext {
@@ -181,6 +182,9 @@ static int flush_packet(AVFormatContext *format_context, AVPacket *packet)
if (existing_fcTL_chunk) {
AVRational delay;
+ if (AV_RB32(existing_fcTL_chunk) != APNG_FCTL_CHUNK_SIZE)
+ return AVERROR_INVALIDDATA;
+
existing_fcTL_chunk += 8;
delay.num = AV_RB16(existing_fcTL_chunk + 20);
delay.den = AV_RB16(existing_fcTL_chunk + 22);
--
2.34.1
More information about the ffmpeg-devel
mailing list