On Tue, Nov 25, 2014 at 10:52:22AM +0100, Benoit Fouet wrote:
> ---
> libavformat/apngdec.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/libavformat/apngdec.c b/libavformat/apngdec.c
> index dac71f1..e9c87a1 100644
> --- a/libavformat/apngdec.c
> +++ b/libavformat/apngdec.c
> @@ -295,7 +295,9 @@ static int decode_fctl_chunk(AVFormatContext *s,
> APNGDemuxContext *ctx, AVPacket
> height != s->streams[0]->codec->height ||
> x_offset != 0 ||
> y_offset != 0) {
> - if (sequence_number == 0)
> + if (sequence_number == 0 ||
> + width + x_offset > s->streams[0]->codec->width ||
> + height + y_offset > s->streams[0]->codec->height)the addition can overflow [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Dictatorship naturally arises out of democracy, and the most aggravated form of tyranny and slavery out of the most extreme liberty. -- Plato
signature.asc
Description: Digital signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
