Commit f97e28eb authored by Clément Bœsch's avatar Clément Bœsch

lavfi/lut3d: add sanity checks.

Should fix CID1026775 and CID1026774.
parent d5978c86
...@@ -265,8 +265,8 @@ static int parse_cube(AVFilterContext *ctx, FILE *f) ...@@ -265,8 +265,8 @@ static int parse_cube(AVFilterContext *ctx, FILE *f)
int i, j, k; int i, j, k;
const int size = strtol(line + 12, NULL, 0); const int size = strtol(line + 12, NULL, 0);
if (size > MAX_LEVEL) { if (size < 2 || size > MAX_LEVEL) {
av_log(ctx, AV_LOG_ERROR, "Too large 3D LUT\n"); av_log(ctx, AV_LOG_ERROR, "Too large or invalid 3D LUT size\n");
return AVERROR(EINVAL); return AVERROR(EINVAL);
} }
lut3d->lutsize = size; lut3d->lutsize = size;
...@@ -370,6 +370,12 @@ static int parse_m3d(AVFilterContext *ctx, FILE *f) ...@@ -370,6 +370,12 @@ static int parse_m3d(AVFilterContext *ctx, FILE *f)
av_log(ctx, AV_LOG_ERROR, "in and out must be defined\n"); av_log(ctx, AV_LOG_ERROR, "in and out must be defined\n");
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;
} }
if (in < 2 || out < 2 ||
in > MAX_LEVEL*MAX_LEVEL*MAX_LEVEL ||
out > MAX_LEVEL*MAX_LEVEL*MAX_LEVEL) {
av_log(ctx, AV_LOG_ERROR, "invalid in (%d) or out (%d)\n", in, out);
return AVERROR_INVALIDDATA;
}
for (size = 1; size*size*size < in; size++); for (size = 1; size*size*size < in; size++);
lut3d->lutsize = size; lut3d->lutsize = size;
scale = 1. / (out - 1); scale = 1. / (out - 1);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment