lavfi/lut3d: add sanity checks.

Should fix CID1026775 and CID1026774.

1 files changed, 8 insertions, 2 deletions

diff --git a/libavfilter/vf_lut3d.c b/libavfilter/vf_lut3d.c
index 7fc5ec1567..ef1365deaf 100644
--- a/libavfilter/vf_lut3d.c
+++ b/libavfilter/vf_lut3d.c
@@ -265,8 +265,8 @@ static int parse_cube(AVFilterContext *ctx, FILE *f)
             int i, j, k;
             const int size = strtol(line + 12, NULL, 0);
 
-            if (size > MAX_LEVEL) {
-                av_log(ctx, AV_LOG_ERROR, "Too large 3D LUT\n");
+            if (size < 2 || size > MAX_LEVEL) {
+                av_log(ctx, AV_LOG_ERROR, "Too large or invalid 3D LUT size\n");
                 return AVERROR(EINVAL);
             }
             lut3d->lutsize = size;
@@ -370,6 +370,12 @@ static int parse_m3d(AVFilterContext *ctx, FILE *f)
         av_log(ctx, AV_LOG_ERROR, "in and out must be defined\n");
         return AVERROR_INVALIDDATA;
     }
+    if (in < 2 || out < 2 ||
+        in  > MAX_LEVEL*MAX_LEVEL*MAX_LEVEL ||
+        out > MAX_LEVEL*MAX_LEVEL*MAX_LEVEL) {
+        av_log(ctx, AV_LOG_ERROR, "invalid in (%d) or out (%d)\n", in, out);
+        return AVERROR_INVALIDDATA;
+    }
     for (size = 1; size*size*size < in; size++);
     lut3d->lutsize = size;
     scale = 1. / (out - 1);