summaryrefslogtreecommitdiff
path: root/media-video/mplayer/files/mplayer-1.3-CVE-2016-4352.patch
diff options
context:
space:
mode:
Diffstat (limited to 'media-video/mplayer/files/mplayer-1.3-CVE-2016-4352.patch')
-rw-r--r--media-video/mplayer/files/mplayer-1.3-CVE-2016-4352.patch24
1 files changed, 24 insertions, 0 deletions
diff --git a/media-video/mplayer/files/mplayer-1.3-CVE-2016-4352.patch b/media-video/mplayer/files/mplayer-1.3-CVE-2016-4352.patch
new file mode 100644
index 000000000000..4eabf8b5f28c
--- /dev/null
+++ b/media-video/mplayer/files/mplayer-1.3-CVE-2016-4352.patch
@@ -0,0 +1,24 @@
+https://trac.mplayerhq.hu/ticket/2295
+
+r37857
+
+--- old/libmpdemux/demux_gif.c
++++ new/libmpdemux/demux_gif.c
+@@ -304,6 +304,17 @@
+ return NULL;
+ }
+
++ // Validate image size, most code in this demuxer assumes w*h <= INT_MAX
++ if ((int64_t)gif->SWidth * gif->SHeight > INT_MAX) {
++ mp_msg(MSGT_DEMUX, MSGL_ERR,
++ "[demux_gif] Unsupported picture size %dx%d.\n", gif->SWidth,
++ gif->SHeight);
++ if (DGifCloseFile(gif) == GIF_ERROR)
++ print_gif_error(NULL);
++ free(priv);
++ return NULL;
++ }
++
+ // create a new video stream header
+ sh_video = new_sh_video(demuxer, 0);
+
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-17 21:45:21 +0000