[FFmpeg-cvslog] r18925 - trunk/libavcodec/rtjpeg.c
reimar
subversion
Sun May 24 11:03:45 CEST 2009
Author: reimar
Date: Sun May 24 11:03:45 2009
New Revision: 18925
Log:
Add a few size checks when decoding rtjpeg blocks.
Might avoid crashes in unlikely cases, but mostly avoids ugly artefacts
for partial frames.
Modified:
trunk/libavcodec/rtjpeg.c
Modified: trunk/libavcodec/rtjpeg.c
==============================================================================
--- trunk/libavcodec/rtjpeg.c Sun May 24 10:36:52 2009 (r18924)
+++ trunk/libavcodec/rtjpeg.c Sun May 24 11:03:45 2009 (r18925)
@@ -55,6 +55,9 @@ static inline int get_block(GetBitContex
// number of non-zero coefficients
coeff = get_bits(gb, 6);
+ if (get_bits_count(gb) + (coeff << 1) >= gb->size_in_bits)
+ return 0;
+
// normally we would only need to clear the (63 - coeff) last values,
// but since we do not know where they are we just clear the whole block
memset(block, 0, 64 * sizeof(DCTELEM));
@@ -69,6 +72,8 @@ static inline int get_block(GetBitContex
// 4 bits per coefficient
ALIGN(4);
+ if (get_bits_count(gb) + (coeff << 2) >= gb->size_in_bits)
+ return 0;
while (coeff) {
ac = get_sbits(gb, 4);
if (ac == -8)
@@ -78,6 +83,8 @@ static inline int get_block(GetBitContex
// 8 bits per coefficient
ALIGN(8);
+ if (get_bits_count(gb) + (coeff << 3) >= gb->size_in_bits)
+ return 0;
while (coeff) {
ac = get_sbits(gb, 8);
PUT_COEFF(ac);
More information about the ffmpeg-cvslog
mailing list