---
libavformat/apngdec.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/libavformat/apngdec.c b/libavformat/apngdec.c
index dac71f1..1b59b82 100644
--- a/libavformat/apngdec.c
+++ b/libavformat/apngdec.c
@@ -295,7 +295,11 @@ static int decode_fctl_chunk(AVFormatContext *s,
APNGDemuxContext *ctx, AVPacket
height != s->streams[0]->codec->height ||
x_offset != 0 ||
y_offset != 0) {
- if (sequence_number == 0)
+ if (sequence_number == 0 ||
+ x_offset >= s->streams[0]->codec->width ||
+ width > s->streams[0]->codec->width - x_offset ||
+ y_offset >= s->streams[0]->codec->height ||
+ height > s->streams[0]->codec->height - y_offset)
return AVERROR_INVALIDDATA;
ctx->is_key_frame = 0;
} else {
--
2.2.0.rc2.23.gca0107e
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
