This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch master in repository ffmpeg.
commit 01d895340c23c891524f14dfed75e8ee724dd30c Author: Manuel Lauss <[email protected]> AuthorDate: Wed Nov 19 13:25:01 2025 +0100 Commit: Manuel Lauss <[email protected]> CommitDate: Fri May 8 05:08:22 2026 +0000 avcodec/sanm: accept fixed dimensions for ANIM at decode_init This undoes 556cef27d905d31, which I added to fix a fuzzer-crash, but there's no reason to expect the decoder can only be invoked via the smush demuxer. Instead also accept a range of dimensions from 2x2 up to 640x480. Signed-off-by: Manuel Lauss <[email protected]> --- libavcodec/sanm.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/libavcodec/sanm.c b/libavcodec/sanm.c index abcc34b333..6af2b0fd17 100644 --- a/libavcodec/sanm.c +++ b/libavcodec/sanm.c @@ -636,9 +636,19 @@ static av_cold int decode_init(AVCodecContext *avctx) avctx->pix_fmt = ctx->version ? AV_PIX_FMT_RGB565 : AV_PIX_FMT_PAL8; if (!ctx->version) { - // ANIM has no dimensions in the header, distrust the incoming data. - avctx->width = avctx->height = 0; - ctx->have_dimensions = 0; + // ANIM valid range is 2x2 up to 640x480. If the given + // width/height are within that range, lock the dimensions + // and forego future changes in process_frame_obj(). + // NOTE: the smush demuxer passes 0/0 since ANM/SAN files + // have no dimension information in their header. + if (avctx->width != 0 || avctx->height != 0) { + if ((avctx->width < 2) || (avctx->height < 2)) + return AVERROR_INVALIDDATA; + if ((avctx->width <= 640) && (avctx->height <= 480)) + ctx->have_dimensions = 1; + else + return AVERROR_INVALIDDATA; + } } else if (avctx->width > 800 || avctx->height > 600 || avctx->width < 8 || avctx->height < 8) { // BL16 valid range is 8x8 - 800x600 _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
