[Ffmpeg-cvslog] CVS: ffmpeg/libavcodec mjpeg.c,1.108,1.109
Michael Niedermayer CVS
michael
Tue Jul 12 01:39:49 CEST 2005
Update of /cvsroot/ffmpeg/ffmpeg/libavcodec
In directory mail:/var2/tmp/cvs-serv17353
Modified Files:
mjpeg.c
Log Message:
check len (should fix #1165694)
Index: mjpeg.c
===================================================================
RCS file: /cvsroot/ffmpeg/ffmpeg/libavcodec/mjpeg.c,v
retrieving revision 1.108
retrieving revision 1.109
diff -u -d -r1.108 -r1.109
--- mjpeg.c 24 Feb 2005 19:08:49 -0000 1.108
+++ mjpeg.c 11 Jul 2005 23:39:47 -0000 1.109
@@ -1585,10 +1585,11 @@
{
int len, id;
- /* XXX: verify len field validity */
len = get_bits(&s->gb, 16);
if (len < 5)
return -1;
+ if(8*len + get_bits_count(&s->gb) > s->gb.size_in_bits)
+ return -1;
id = (get_bits(&s->gb, 16) << 16) | get_bits(&s->gb, 16);
id = be2me_32(id);
More information about the ffmpeg-cvslog
mailing list