[FFmpeg-devel] [PATCH v3 3/4] avformat/apngdec: Check fcTL chunk length when reading header
Andreas Rheinhardt
andreas.rheinhardt at gmail.com
Sat Oct 31 16:16:25 EET 2020
Reading the header terminates when an fcTL chunk is encountered in which
case read_header returned success without checking the length of said
chunk. Yet when read_packet processes this chunk, it checks for the
length to be 26 and errors out otherwise. So do so when reading the header,
too.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
---
libavformat/apngdec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/apngdec.c b/libavformat/apngdec.c
index d8d0de190f..6b2ce2e251 100644
--- a/libavformat/apngdec.c
+++ b/libavformat/apngdec.c
@@ -226,7 +226,7 @@ static int apng_read_header(AVFormatContext *s)
ctx->num_frames, ctx->num_play);
break;
case MKTAG('f', 'c', 'T', 'L'):
- if (!acTL_found) {
+ if (!acTL_found || len != 26) {
ret = AVERROR_INVALIDDATA;
goto fail;
}
--
2.25.1
More information about the ffmpeg-devel
mailing list