File: 0100_svn37857_CVE-2016-4352.patch

mplayer 2:1.5+svn38408-1
Description: Validate image size in demux_gif
 Fixes crash with -vo null and overflow.gif
 Reported by Gustavo Grieco
Origin: upstream, commit:37857
Bug-Debian: https://bugs.debian.org/823723

--- a/libmpdemux/demux_gif.c
+++ b/libmpdemux/demux_gif.c
@@ -316,6 +316,17 @@
     return NULL;
   }
 
+  // Validate image size, most code in this demuxer assumes w*h <= INT_MAX
+  if ((int64_t)gif->SWidth * gif->SHeight > INT_MAX) {
+    mp_msg(MSGT_DEMUX, MSGL_ERR,
+           "[demux_gif] Unsupported picture size %dx%d.\n", gif->SWidth,
+           gif->SHeight);
+    if (DGifCloseFile(gif) == GIF_ERROR)
+      print_gif_error(NULL);
+    free(priv);
+    return NULL;
+  }
+
   // create a new video stream header
   sh_video = new_sh_video(demuxer, 0);
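
Review bot: the new condition `(int64_t)gif->SWidth * gif->SHeight > INT_MAX` rejects only an oversized product, so a zero width or height (or any non-positive value, if these fields are signed as the `%dx%d` format suggests) still falls through to `new_sh_video`. Consider rejecting `gif->SWidth <= 0 || gif->SHeight <= 0` in the same branch. The bound is also on pixel count rather than bytes, so any later size computed as w*h times a bytes-per-pixel factor could still exceed INT_MAX; either tighten the limit or state in the comment that the assumption covers the pixel count only. The hunk also uses `int64_t` and `INT_MAX` without adding includes, so confirm that `<stdint.h>` and `<limits.h>` are already pulled in by this file.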