diff options
author | wm4 <wm4@nowhere> | 2014-01-29 17:01:42 +0100 |
---|---|---|
committer | wm4 <wm4@nowhere> | 2014-01-29 17:01:42 +0100 |
commit | 8e61e9ed6e549cfb4ad0180a2ed20d9a2f10fcdc (patch) | |
tree | 3698d79834e18f8b021ac236a8681ab5dbfcc173 /video/mp_image.c | |
parent | 46c9dfe2e7f2b8e2e1fb4a1ef0bb9de0bdd5a8b3 (diff) | |
download | mpv-8e61e9ed6e549cfb4ad0180a2ed20d9a2f10fcdc.tar.bz2 mpv-8e61e9ed6e549cfb4ad0180a2ed20d9a2f10fcdc.tar.xz |
mp_image: reject too large image sizes
Larger sizes can introduce overflows, depending on the image format. In
the worst case, something larger than 16000x16000 with 8 bytes per pixel
will overflow 31 bits.
Maybe there should be a proper failure path instead of a hard crash, but
not yet. I imagine anything that sets a higher image size than a known
working size should be forced to call a function to check the size (much
like in ffmpeg/libavutil).
Diffstat (limited to 'video/mp_image.c')
-rw-r--r-- | video/mp_image.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/video/mp_image.c b/video/mp_image.c index b0f174d769..44ee0cfedb 100644 --- a/video/mp_image.c +++ b/video/mp_image.c @@ -175,6 +175,10 @@ static int mp_chroma_div_up(int size, int shift) // Caller has to make sure this doesn't exceed the allocated plane data/strides. void mp_image_set_size(struct mp_image *mpi, int w, int h) { + // av_image_check_size has similar checks and triggers around 16000*16000 + if (w >= (1 << 14) || h >= (1 << 14) || w < 0 || h < 0) + abort(); + mpi->w = mpi->display_w = w; mpi->h = mpi->display_h = h; for (int n = 0; n < mpi->num_planes; n++) { |