[FFmpeg-devel] [PATCH] jv demuxer: prevent video packet size overflow
Reimar Döffinger
Reimar.Doeffinger
Sun Mar 13 08:28:01 CET 2011
On 13 Mar 2011, at 06:15, Peter Ross <pross at xvid.org> wrote:
> In the event of overflow, the JV_PADDING state will avio_skip over
> any overflow bytes (using JVFrame.total_size).
> ---
> libavformat/jvdec.c | 2 ++
> 1 files changed, 2 insertions(+), 0 deletions(-)
>
> diff --git a/libavformat/jvdec.c b/libavformat/jvdec.c
> index 314a341..9235e51 100644
> --- a/libavformat/jvdec.c
> +++ b/libavformat/jvdec.c
> @@ -116,6 +116,8 @@ static int read_header(AVFormatContext *s,
> jvf->audio_size = avio_rl32(pb);
> jvf->video_size = avio_rl32(pb);
> jvf->palette_size = avio_r8(pb) ? 768 : 0;
> + jvf->video_size = FFMIN(FFMAX(jvf->video_size, 0),
> + INT_MAX - JV_PREAMBLE_SIZE - jvf->palette_size);
I'd consider it more readable to do the FFMAX first on a separate line and then the FFMIN.
More information about the ffmpeg-devel
mailing list