https://nvd.nist.gov/vuln/detail/CVE-2016-4352 https://www.openwall.com/lists/oss-security/2016/04/29/7 https://trac.mplayerhq.hu/ticket/2295 --- a/libmpdemux/demux_gif.c +++ b/libmpdemux/demux_gif.c @@ -316,6 +316,17 @@ return NULL; } + // Validate image size, most code in this demuxer assumes w*h <= INT_MAX + if ((int64_t)gif->SWidth * gif->SHeight > INT_MAX) { + mp_msg(MSGT_DEMUX, MSGL_ERR, + "[demux_gif] Unsupported picture size %dx%d.\n", gif->SWidth, + gif->SHeight); + if (DGifCloseFile(gif) == GIF_ERROR) + print_gif_error(NULL); + free(priv); + return NULL; + } + // create a new video stream header sh_video = new_sh_video(demuxer, 0);