Modified: trunk/libmpdemux/demux_gif.c
==============================================================================
--- trunk/libmpdemux/demux_gif.c Sat Apr 16 11:43:19 2016 (r37856)
+++ trunk/libmpdemux/demux_gif.c Thu Apr 28 23:32:40 2016 (r37857)
@@ -304,6 +304,17 @@ static demuxer_t* demux_open_gif(demuxer
return NULL;
}
+ // Validate image size, most code in this demuxer assumes w*h <= INT_MAX
+ if ((int64_t)gif->SWidth * gif->SHeight > INT_MAX) {
+ mp_msg(MSGT_DEMUX, MSGL_ERR,
+ "[demux_gif] Unsupported picture size %dx%d.\n", gif->SWidth,
+ gif->SHeight);
+ if (DGifCloseFile(gif) == GIF_ERROR)
+ print_gif_error(NULL);
+ free(priv);
+ return NULL;
+ }
+
// create a new video stream header
sh_video = new_sh_video(demuxer, 0);
distrib
>
Mageia
>
9
>
aarch64
>
media
>
tainted-updates-src
>
by-pkgid
>
87f6abd9731100975df9ce2bba2ea34a
>
files
>
20
