From 2e55f3e90715418ffc6da70363c2bb6ab658481e Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Sat, 10 May 2014 04:25:43 +0200
Subject: [PATCH] avfilter/vf_lut3d: check size in parse_dat()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes CID1212261
Reviewed-by: Clément Bœsch <u@pkh.me>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavfilter/vf_lut3d.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/libavfilter/vf_lut3d.c b/libavfilter/vf_lut3d.c
index 85e270cc5f..7b2f83f3c2 100644
--- a/libavfilter/vf_lut3d.c
+++ b/libavfilter/vf_lut3d.c
@@ -274,7 +274,12 @@ static int parse_dat(AVFilterContext *ctx, FILE *f)
 
     NEXT_LINE(skip_line(line));
     if (!strncmp(line, "3DLUTSIZE ", 10)) {
-        lut3d->lutsize = size = strtol(line + 10, NULL, 0);
+        size = strtol(line + 10, NULL, 0);
+        if (size < 2 || size > MAX_LEVEL) {
+            av_log(ctx, AV_LOG_ERROR, "Too large or invalid 3D LUT size\n");
+            return AVERROR(EINVAL);
+        }
+        lut3d->lutsize = size;
         NEXT_LINE(skip_line(line));
     }
     for (k = 0; k < size; k++) {