Changeset View
Changeset View
Standalone View
Standalone View
head/multimedia/mythtv/files/patch-CVE-2017-09996b
Property | Old Value | New Value |
---|---|---|
fbsd:nokeywords | null | yes \ No newline at end of property |
svn:eol-style | null | native \ No newline at end of property |
svn:mime-type | null | text/plain \ No newline at end of property |
From 7f3a671ece8fd711e2ebc71a4e08cda591d810a8 Mon Sep 17 00:00:00 2001 | |||||
From: Michael Niedermayer <michael@niedermayer.cc> | |||||
Date: Mon, 8 May 2017 11:46:03 +0200 | |||||
Subject: [PATCH] avcodec/cdxl: Check format for BGR24 | |||||
Fixes: out of array access | |||||
Fixes: 1427/clusterfuzz-testcase-minimized-5020737339392000 | |||||
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg | |||||
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> | |||||
(cherry picked from commit 1e42736b95065c69a7481d0cf55247024f54b660) | |||||
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> | |||||
--- | |||||
libavcodec/cdxl.c | 2 +- | |||||
1 file changed, 1 insertion(+), 1 deletion(-) | |||||
diff --git libavcodec/cdxl.c libavcodec/cdxl.c | |||||
index 5c0ecb279c7..78f5d50102f 100644 | |||||
--- external/FFmpeg/libavcodec/cdxl.c | |||||
+++ external/FFmpeg/libavcodec/cdxl.c | |||||
@@ -279,7 +279,7 @@ static int cdxl_decode_frame(AVCodecContext *avctx, void *data, | |||||
return AVERROR_INVALIDDATA; | |||||
if (!encoding && c->palette_size && c->bpp <= 8 && c->format != CHUNKY) { | |||||
avctx->pix_fmt = AV_PIX_FMT_PAL8; | |||||
- } else if (encoding == 1 && (c->bpp == 6 || c->bpp == 8)) { | |||||
+ } else if (encoding == 1 && (c->bpp == 6 || c->bpp == 8) && c->format != CHUNKY) { | |||||
if (c->palette_size != (1 << (c->bpp - 1))) | |||||
return AVERROR_INVALIDDATA; | |||||
avctx->pix_fmt = AV_PIX_FMT_BGR24; |