[FFmpeg-cvslog] mjpeg: Detect overreads in mjpeg_decode_scan() and error out.
Michael Niedermayer
git at videolan.org
Mon May 2 03:23:21 CEST 2011
ffmpeg | branch: release/0.6 | Michael Niedermayer <michaelni at gmx.at> | Thu Apr 21 22:03:24 2011 +0200| [19166566418e48d13652a6c20468873108cfe955] | committer: Reinhard Tartler
mjpeg: Detect overreads in mjpeg_decode_scan() and error out.
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
Signed-off-by: Ronald S. Bultje <rbultje at google.com>
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
(cherry picked from commit 0d9cba562b88899f0769e686d19b7953f589069b)
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=19166566418e48d13652a6c20468873108cfe955
---
libavcodec/mjpegdec.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index 7f57af9..9f2f88b 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -792,6 +792,10 @@ static int mjpeg_decode_scan(MJpegDecodeContext *s, int nb_components, int Ah, i
if (s->restart_interval && !s->restart_count)
s->restart_count = s->restart_interval;
+ if(get_bits_count(&s->gb)>s->gb.size_in_bits){
+ av_log(s->avctx, AV_LOG_ERROR, "overread %d\n", get_bits_count(&s->gb) - s->gb.size_in_bits);
+ return -1;
+ }
for(i=0;i<nb_components;i++) {
uint8_t *ptr;
int n, h, v, x, y, c, j;
More information about the ffmpeg-cvslog
mailing list