ffmpeg | branch: release/0.10 | Anton Khirnov <an...@khirnov.net> | Sat Mar 7 22:06:59 2015 +0100| [ec5b2f6a385959048f780b4e7d3d259dc1fa8421] | committer: Reinhard Tartler
tiff: Check that there is no aliasing in pixel format selection Fixes possible issues with unexpected bpp/bppcount values. CC: libav-sta...@libav.org Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Bug-Id: CVE-2014-8544 (cherry picked from commit ae5e1f3d663a8c9a532d89e588cbc61f171c9186) Signed-off-by: Luca Barbato <lu_z...@gentoo.org> (cherry picked from commit eb9041403d820634c45ed4ee98570246a252507a) Signed-off-by: Reinhard Tartler <siret...@tauware.de> (cherry picked from commit 62b0462e5fa78901380ca229ddb6a7625efd61a2) Signed-off-by: Reinhard Tartler <siret...@tauware.de> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ec5b2f6a385959048f780b4e7d3d259dc1fa8421 --- libavcodec/tiff.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c index c0b611f..20f2a47 100644 --- a/libavcodec/tiff.c +++ b/libavcodec/tiff.c @@ -218,6 +218,14 @@ static int init_image(TiffContext *s) int i, ret; uint32_t *pal; + // make sure there is no aliasing in the following switch + if (s->bpp >= 100 || s->bppcount >= 10) { + av_log(s->avctx, AV_LOG_ERROR, + "Unsupported image parameters: bpp=%d, bppcount=%d\n", + s->bpp, s->bppcount); + return AVERROR_INVALIDDATA; + } + switch (s->bpp * 10 + s->bppcount) { case 11: s->avctx->pix_fmt = PIX_FMT_MONOBLACK; _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
