diff options
author | Michael Niedermayer <michael@niedermayer.cc> | 2015-10-11 03:46:44 +0200 |
---|---|---|
committer | Michael Niedermayer <michael@niedermayer.cc> | 2015-10-11 03:46:44 +0200 |
commit | 1e7e4f13f95227d79bc8ab9a2167f02f7a3e063f (patch) | |
tree | 5ba5589e935eb40bbb72f2caf8d55b4eb6825f70 /libavcodec/pngdec.c | |
parent | f3fc103c6a8ed8e7056052c54508470eede46566 (diff) | |
download | ffmpeg-1e7e4f13f95227d79bc8ab9a2167f02f7a3e063f.tar.gz |
avcodec/pngdec: Check blend_op.
Fixes CID1322359, CID1322358
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavcodec/pngdec.c')
-rw-r--r-- | libavcodec/pngdec.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c index d18014142a..2ab456d6e0 100644 --- a/libavcodec/pngdec.c +++ b/libavcodec/pngdec.c @@ -912,6 +912,11 @@ static int decode_fctl_chunk(AVCodecContext *avctx, PNGDecContext *s, cur_w > s->width - x_offset|| cur_h > s->height - y_offset) return AVERROR_INVALIDDATA; + if (blend_op != APNG_BLEND_OP_OVER && blend_op != APNG_BLEND_OP_SOURCE) { + av_log(avctx, AV_LOG_ERROR, "Invalid blend_op %d\n", blend_op); + return AVERROR_INVALIDDATA; + } + if (sequence_number == 0 && dispose_op == APNG_DISPOSE_OP_PREVIOUS) { // No previous frame to revert to for the first frame // Spec says to just treat it as a APNG_DISPOSE_OP_BACKGROUND |