termux-packages/packages/mplayer/mplayer-1.4-CVE-2016-4352.patch

25 lines
709 B
Diff
Raw Normal View History

2022-03-05 07:32:17 +01:00
https://nvd.nist.gov/vuln/detail/CVE-2016-4352
https://www.openwall.com/lists/oss-security/2016/04/29/7
https://trac.mplayerhq.hu/ticket/2295
--- a/libmpdemux/demux_gif.c
+++ b/libmpdemux/demux_gif.c
@@ -316,6 +316,17 @@
return NULL;
}
+ // Validate image size, most code in this demuxer assumes w*h <= INT_MAX
+ if ((int64_t)gif->SWidth * gif->SHeight > INT_MAX) {
+ mp_msg(MSGT_DEMUX, MSGL_ERR,
+ "[demux_gif] Unsupported picture size %dx%d.\n", gif->SWidth,
+ gif->SHeight);
+ if (DGifCloseFile(gif) == GIF_ERROR)
+ print_gif_error(NULL);
+ free(priv);
+ return NULL;
+ }
+
// create a new video stream header
sh_video = new_sh_video(demuxer, 0);