[FFmpeg-cvslog] jv demuxer: prevent video packet size overflow

Peter Ross git
Tue Mar 15 16:55:20 CET 2011


ffmpeg | branch: master | Peter Ross <pross at xvid.org> | Sun Mar 13 16:15:38 2011 +1100| [7f05c164d8ccbfded9bcefdb41942bc28d85c87a] | committer: Ronald S. Bultje

jv demuxer: prevent video packet size overflow

In the event of overflow, the JV_PADDING state will avio_skip over
any overflow bytes (using JVFrame.total_size).

Signed-off-by: Ronald S. Bultje <rsbultje at gmail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7f05c164d8ccbfded9bcefdb41942bc28d85c87a
---

 libavformat/jvdec.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/libavformat/jvdec.c b/libavformat/jvdec.c
index 314a341..9235e51 100644
--- a/libavformat/jvdec.c
+++ b/libavformat/jvdec.c
@@ -116,6 +116,8 @@ static int read_header(AVFormatContext *s,
         jvf->audio_size = avio_rl32(pb);
         jvf->video_size = avio_rl32(pb);
         jvf->palette_size = avio_r8(pb) ? 768 : 0;
+        jvf->video_size = FFMIN(FFMAX(jvf->video_size, 0),
+                                INT_MAX - JV_PREAMBLE_SIZE - jvf->palette_size);
         if (avio_r8(pb))
              av_log(s, AV_LOG_WARNING, "unsupported audio codec\n");
         jvf->video_type = avio_r8(pb);




More information about the ffmpeg-cvslog mailing list