[FFmpeg-cvslog] avcodec/mjpegdec: sanity check bits
Michael Niedermayer
git at videolan.org
Sun Oct 12 00:36:03 CEST 2014
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Sun Oct 12 00:25:47 2014 +0200| [0db1f2c2c78db18999fccd46a156408e5e87c8a1] | committer: Michael Niedermayer
avcodec/mjpegdec: sanity check bits
Fixes undefined shift
Fixes: asan_heap-oob_16668e9_2_asan_heap-oob_16668e9_346_miss_congeniality_pegasus_mjpg.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0db1f2c2c78db18999fccd46a156408e5e87c8a1
---
libavcodec/mjpegdec.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index 8966672..271c05e 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -256,6 +256,11 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s)
s->avctx->bits_per_raw_sample =
bits = get_bits(&s->gb, 8);
+ if (bits > 16 || bits < 1) {
+ av_log(s->avctx, AV_LOG_ERROR, "bits %d is invalid\n", bits);
+ return AVERROR_INVALIDDATA;
+ }
+
if (s->pegasus_rct)
bits = 9;
if (bits == 9 && !s->pegasus_rct)
More information about the ffmpeg-cvslog
mailing list