forked from pool/ffmpeg-5
ZhaoQiang
32ade1364a
Backporting 3faadbe2 from upstream, Use 64bit for input size check, Fixes: out of array read, Fixes: poc3. (CVE-2024-7055, bsc#1229026)
30 lines
975 B
Diff
From 3faadbe2a27e74ff5bb5f7904ec27bb1f5287dc8 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Thu, 18 Jul 2024 21:12:54 +0200
Subject: [PATCH] avcodec/pnmdec: Use 64bit for input size check
References: CVE-2024-7055
References: bsc#1229026
Upstream: Backport from upstream
Fixes: out of array read
Fixes: poc3
Reported-by: VulDB CNA Team
Found-by: CookedMelon
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavcodec/pnmdec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- ffmpeg-5.1.4/libavcodec/pnmdec.c
+++ ffmpeg-5.1.4_new/libavcodec/pnmdec.c
@@ -260,7 +260,7 @@
break;
case AV_PIX_FMT_GBRPF32:
if (!s->half) {
- if (avctx->width * avctx->height * 12 > s->bytestream_end - s->bytestream)
+ if (avctx->width * avctx->height * 12LL > s->bytestream_end - s->bytestream)
return AVERROR_INVALIDDATA;
scale = 1.f / s->scale;
if (s->endian) {
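Review bot: the `12LL` on the changed line widens only the final multiplication; `avctx->width * avctx->height` is still evaluated left to right in `int` (both fields are `int` in `AVCodecContext`) before the result meets `12LL`, so the comparison is 64-bit only if that first product cannot overflow. If no earlier dimension check in the decoder guarantees that, put the widening on the first operand, e.g. `(int64_t)avctx->width * avctx->height * 12`. The `s->half` path is not shown in this hunk; any equivalent size check there deserves the same treatment so both branches of `AV_PIX_FMT_GBRPF32` validate the input length the same way.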