diff options
Diffstat (limited to 'media-video/mplayer/files/mplayer-1.3-CVE-2016-4352.patch')
-rw-r--r-- | media-video/mplayer/files/mplayer-1.3-CVE-2016-4352.patch | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/media-video/mplayer/files/mplayer-1.3-CVE-2016-4352.patch b/media-video/mplayer/files/mplayer-1.3-CVE-2016-4352.patch new file mode 100644 index 000000000000..4eabf8b5f28c --- /dev/null +++ b/media-video/mplayer/files/mplayer-1.3-CVE-2016-4352.patch @@ -0,0 +1,24 @@ +https://trac.mplayerhq.hu/ticket/2295 + +r37857 + +--- old/libmpdemux/demux_gif.c ++++ new/libmpdemux/demux_gif.c +@@ -304,6 +304,17 @@ + return NULL; + } + ++ // Validate image size, most code in this demuxer assumes w*h <= INT_MAX ++ if ((int64_t)gif->SWidth * gif->SHeight > INT_MAX) { ++ mp_msg(MSGT_DEMUX, MSGL_ERR, ++ "[demux_gif] Unsupported picture size %dx%d.\n", gif->SWidth, ++ gif->SHeight); ++ if (DGifCloseFile(gif) == GIF_ERROR) ++ print_gif_error(NULL); ++ free(priv); ++ return NULL; ++ } ++ + // create a new video stream header + sh_video = new_sh_video(demuxer, 0); + |