avcodec/pngdec: Check blend_op.

Fixes CID1322359, CID1322358 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1e7e4f13f95227d79bc8ab9a2167f02f7a3e063f) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2015-10-11 03:46:44 +0200
committer: Michael Niedermayer <michael@niedermayer.cc> 2015-10-12 02:23:36 +0200
commit: c149a4afeef512222c8c8939386370cbbc0025c1 (patch)
tree: f2678362855e61f294ac4fe70316c985a5b7e08c
parent: 02d8abf0f576c543f2bd7d131fc876b519013f91 (diff)
download: ffmpeg-c149a4afeef512222c8c8939386370cbbc0025c1.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c
index 1b47b18361..f0729a1a0e 100644
--- a/libavcodec/pngdec.c
+++ b/libavcodec/pngdec.c
@@ -912,6 +912,11 @@ static int decode_fctl_chunk(AVCodecContext *avctx, PNGDecContext *s,
         cur_w > s->width - x_offset|| cur_h > s->height - y_offset)
             return AVERROR_INVALIDDATA;
 
+    if (blend_op != APNG_BLEND_OP_OVER && blend_op != APNG_BLEND_OP_SOURCE) {
+        av_log(avctx, AV_LOG_ERROR, "Invalid blend_op %d\n", blend_op);
+        return AVERROR_INVALIDDATA;
+    }
+
     if (sequence_number == 0 && dispose_op == APNG_DISPOSE_OP_PREVIOUS) {
         // No previous frame to revert to for the first frame
         // Spec says to just treat it as a APNG_DISPOSE_OP_BACKGROUND
author	Michael Niedermayer <michael@niedermayer.cc>	2015-10-11 03:46:44 +0200
committer	Michael Niedermayer <michael@niedermayer.cc>	2015-10-12 02:23:36 +0200
commit	c149a4afeef512222c8c8939386370cbbc0025c1 (patch)
tree	f2678362855e61f294ac4fe70316c985a5b7e08c
parent	02d8abf0f576c543f2bd7d131fc876b519013f91 (diff)
download	ffmpeg-c149a4afeef512222c8c8939386370cbbc0025c1.tar.gz