[FFmpeg-cvslog] tiff: Check that there is no aliasing in pixel format selection
Anton Khirnov
git at videolan.org
Sun Mar 8 23:26:04 CET 2015
ffmpeg | branch: master | Anton Khirnov <anton at khirnov.net> | Sat Mar 7 22:06:59 2015 +0100| [ae5e1f3d663a8c9a532d89e588cbc61f171c9186] | committer: Luca Barbato
tiff: Check that there is no aliasing in pixel format selection
Fixes possible issues with unexpected bpp/bppcount values.
CC: libav-stable at libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Bug-Id: CVE-2014-8544
Signed-off-by: Luca Barbato <lu_zero at gentoo.org>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ae5e1f3d663a8c9a532d89e588cbc61f171c9186
---
libavcodec/tiff.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c
index 08e8a87..b071c3b 100644
--- a/libavcodec/tiff.c
+++ b/libavcodec/tiff.c
@@ -252,6 +252,14 @@ static int init_image(TiffContext *s, AVFrame *frame)
{
int ret;
+ // make sure there is no aliasing in the following switch
+ if (s->bpp >= 100 || s->bppcount >= 10) {
+ av_log(s->avctx, AV_LOG_ERROR,
+ "Unsupported image parameters: bpp=%d, bppcount=%d\n",
+ s->bpp, s->bppcount);
+ return AVERROR_INVALIDDATA;
+ }
+
switch (s->planar * 1000 + s->bpp * 10 + s->bppcount) {
case 11:
s->avctx->pix_fmt = AV_PIX_FMT_MONOBLACK;
More information about the ffmpeg-cvslog
mailing list