[vlc-devel] [PATCH] png: fix crash on empty palettes
Rémi Denis-Courmont
remi at remlab.net
Fri Feb 7 22:14:19 CET 2014
On Friday 7 February 2014, 15:43:35, Tristan Matthews wrote:
> See CVE-2013-6954
> ---
> modules/codec/png.c | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> diff --git a/modules/codec/png.c b/modules/codec/png.c
> index b4d6ef4..3337ed8 100644
> --- a/modules/codec/png.c
> +++ b/modules/codec/png.c
> @@ -193,7 +193,16 @@ static picture_t *DecodeBlock( decoder_t *p_dec,
> block_t **pp_block ) p_dec->fmt_out.video.i_bmask = 0x00ff0000;
>
> if( i_color_type == PNG_COLOR_TYPE_PALETTE )
> + {
> + /* avoid CVE-2013-6954 */
> + int i_num_palette;
> + png_colorp p_palette;
> +
> + if (!png_get_PLTE(p_png, p_info, &p_palette, &i_num_palette))
> + goto error;
> +
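Review bot: the comment `/* avoid CVE-2013-6954 */` above the `png_get_PLTE()` check does not say which condition is being rejected. State in the comment that a palette-type image for which `png_get_PLTE()` returns 0 (no valid PLTE data) is refused, so the check can be understood, and later dropped, without looking up the CVE. In the lines quoted here, `i_num_palette` is fetched but never tested; if the "empty palettes" of the subject line also covers a palette with zero entries, extend the condition with `|| i_num_palette <= 0`. The added `if (` also departs from the `if( ... )` spacing of the context line directly above it.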
WTH? Just update contribs.
--
Rémi Denis-Courmont
http://www.remlab.net/