[FFmpeg-devel] [PATCH]lavc/mjpegdec: Only read JFIF thumbnail size if the segment is long enough.

Carl Eugen Hoyos cehoyos at ag.or.at
Mon Aug 29 01:12:34 EEST 2016


Hi!

Attached patch fixes ticket #5805.

Please comment, Carl Eugen
-------------- next part --------------
From 215d45b2226cb5681be09bb4e0a2c135925ed6f5 Mon Sep 17 00:00:00 2001
From: Carl Eugen Hoyos <cehoyos at ag.or.at>
Date: Mon, 29 Aug 2016 00:09:06 +0200
Subject: [PATCH] lavc/mjpegdec: Only read JFIF thumbnail size if the segment
 is long enough.

Fixes ticket #5805.
---
 libavcodec/mjpegdec.c |    5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index 633a8f0..515d2f8 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -1690,6 +1690,8 @@ static int mjpeg_decode_app(MJpegDecodeContext *s)
                    s->avctx->sample_aspect_ratio.num,
                    s->avctx->sample_aspect_ratio.den);
 
+        len -= 8;
+        if (len >= 2) {
         t_w = get_bits(&s->gb, 8);
         t_h = get_bits(&s->gb, 8);
         if (t_w && t_h) {
@@ -1697,7 +1699,8 @@ static int mjpeg_decode_app(MJpegDecodeContext *s)
             if (len -10 - (t_w * t_h * 3) > 0)
                 len -= t_w * t_h * 3;
         }
-        len -= 10;
+        len -= 2;
+        }
         goto out;
     }
 
-- 
1.7.10.4



More information about the ffmpeg-devel mailing list