[FFmpeg-devel] [PATCH] avcodec/gifdec: truncate too big width/height for invalid gif files
Carl Eugen Hoyos
ceffmpeg at gmail.com
Wed Dec 12 16:59:49 EET 2018
2018-12-12 13:47 GMT+01:00, Tomas Härdin <tjoppen at acc.umu.se>:
> mån 2018-12-10 klockan 13:34 +0100 skrev Paul B Mahol:
>> Fixes #6874.
>>
>> > Signed-off-by: Paul B Mahol <onemda at gmail.com>
>> ---
>> libavcodec/gifdec.c | 16 ++++++++++++----
>> 1 file changed, 12 insertions(+), 4 deletions(-)
>>
>> diff --git a/libavcodec/gifdec.c b/libavcodec/gifdec.c
>> index 54f1d4c0ba..0eb1c21d99 100644
>> --- a/libavcodec/gifdec.c
>> +++ b/libavcodec/gifdec.c
>> @@ -179,12 +179,20 @@ static int gif_read_image(GifState *s, AVFrame
>> *frame)
>> }
>>
>> /* verify that all the image is inside the screen dimensions */
>> - if (!width || width > s->screen_width || left >= s->screen_width) {
>> - av_log(s->avctx, AV_LOG_ERROR, "Invalid image width.\n");
>> + if (!width || width > s->screen_width) {
>> + av_log(s->avctx, AV_LOG_WARNING, "Invalid image width: %d,
>> truncating.\n", width);
>> + width = s->screen_width;
>> + }
>> + if (left >= s->screen_width) {
>> + av_log(s->avctx, AV_LOG_ERROR, "Invalid left position: %d.\n",
>> left);
>> return AVERROR_INVALIDDATA;
>> }
>> - if (!height || height > s->screen_height || top >= s->screen_height)
>> {
>> - av_log(s->avctx, AV_LOG_ERROR, "Invalid image height.\n");
>> + if (!height || height > s->screen_height) {
>> + av_log(s->avctx, AV_LOG_WARNING, "Invalid image height,
>> truncating: %d.\n", height);
>> + height = s->screen_height;
>> + }
>> + if (top >= s->screen_height) {
>> + av_log(s->avctx, AV_LOG_ERROR, "Invalid top position: %d.\n",
>> top);
>> return AVERROR_INVALIDDATA;
>> }
>> if (left + width > s->screen_width) {
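Review bot: In the new `if (!width || width > s->screen_width)` branch, and the matching height branch, a zero dimension is no longer rejected but replaced with the full screen dimension, so an image that declares no area is expanded to cover the whole screen while the log says "truncating". Consider keeping `!width` and `!height` as an `AVERROR_INVALIDDATA` return and clamping only the oversized case. The clamp to `s->screen_width` also runs before the `left >= s->screen_width` check and before the `left + width > s->screen_width` check in the trailing context line, so with a non-zero `left` the clamped width still overruns the screen and the bound depends entirely on that later branch; clamping to `s->screen_width - left` after `left` has been validated would keep the bound in one place (same for `top` and height). Minor: the two warnings are formatted differently ("Invalid image width: %d, truncating." versus "Invalid image height, truncating: %d.").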
>
> Looks OK. Out of curiosity: do the files decode to something sensible,
> or mostly glitchy goodness?
I was unable to find another player that failed for the sample
(may all be libgif-based).
Carl Eugen