[FFmpeg-cvslog] jvdec: check that the video_size fits in the packet.
Michael Niedermayer
git at videolan.org
Tue Jul 3 12:38:48 CEST 2012
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Tue Jul 3 12:32:26 2012 +0200| [114f82ee7e384ff80151fe6f4ed89d46c2f20419] | committer: Michael Niedermayer
jvdec: check that the video_size fits in the packet.
Prevents use of out of array data and fate failure.
Found-by: durandal_1707
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=114f82ee7e384ff80151fe6f4ed89d46c2f20419
---
libavcodec/jvdec.c | 2 +-
tests/ref/fate/jv | 1 -
2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/libavcodec/jvdec.c b/libavcodec/jvdec.c
index 4031fad..728b749 100644
--- a/libavcodec/jvdec.c
+++ b/libavcodec/jvdec.c
@@ -143,7 +143,7 @@ static int decode_frame(AVCodecContext *avctx,
buf += 5;
if (video_size) {
- if(video_size < 0) {
+ if(video_size < 0 || video_size > buf_size) {
av_log(avctx, AV_LOG_ERROR, "video size %d invalid\n", video_size);
return AVERROR_INVALIDDATA;
}
diff --git a/tests/ref/fate/jv b/tests/ref/fate/jv
index 88b345c..b0a6008 100644
--- a/tests/ref/fate/jv
+++ b/tests/ref/fate/jv
@@ -6,4 +6,3 @@
0, 5, 5, 1, 192000, 0xb8e331eb
0, 6, 6, 1, 192000, 0xd35b2053
0, 7, 7, 1, 192000, 0x01062188
-0, 8, 8, 1, 192000, 0xa3a73b87
More information about the ffmpeg-cvslog
mailing list