diff options
author | Anton Khirnov <anton@khirnov.net> | 2015-03-07 22:06:59 +0100 |
---|---|---|
committer | Luca Barbato <lu_zero@gentoo.org> | 2015-03-08 19:14:14 +0100 |
commit | ae5e1f3d663a8c9a532d89e588cbc61f171c9186 (patch) | |
tree | 3a34b397ba7d3a769535c920db87b8565749f612 /libavcodec/tiff.c | |
parent | 6448f15af02f2c3cf0df8cb8237957e426041f2d (diff) | |
download | ffmpeg-ae5e1f3d663a8c9a532d89e588cbc61f171c9186.tar.gz |
tiff: Check that there is no aliasing in pixel format selection
Fixes possible issues with unexpected bpp/bppcount values.
CC: libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Bug-Id: CVE-2014-8544
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Diffstat (limited to 'libavcodec/tiff.c')
-rw-r--r-- | libavcodec/tiff.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c index 08e8a87859..b071c3bf3a 100644 --- a/libavcodec/tiff.c +++ b/libavcodec/tiff.c @@ -252,6 +252,14 @@ static int init_image(TiffContext *s, AVFrame *frame) { int ret; + // make sure there is no aliasing in the following switch + if (s->bpp >= 100 || s->bppcount >= 10) { + av_log(s->avctx, AV_LOG_ERROR, + "Unsupported image parameters: bpp=%d, bppcount=%d\n", + s->bpp, s->bppcount); + return AVERROR_INVALIDDATA; + } + switch (s->planar * 1000 + s->bpp * 10 + s->bppcount) { case 11: s->avctx->pix_fmt = AV_PIX_FMT_MONOBLACK; |