[FFmpeg-cvslog] mjpegdec: tighten unescaped_buf_size size check, prevent null ptr deref
Michael Niedermayer
git at videolan.org
Mon Nov 12 20:50:32 CET 2012
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Mon Nov 12 20:27:29 2012 +0100| [a9456c7c5ca883b5a3947e59a9fba5587e18e119] | committer: Michael Niedermayer
mjpegdec: tighten unescaped_buf_size size check, prevent null ptr deref
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a9456c7c5ca883b5a3947e59a9fba5587e18e119
---
libavcodec/mjpegdec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index 0a71a6f..ae0e504 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -1611,7 +1611,7 @@ int ff_mjpeg_decode_frame(AVCodecContext *avctx, void *data, int *data_size,
/* EOF */
if (start_code < 0) {
goto the_end;
- } else if (unescaped_buf_size > (1U<<29)) {
+ } else if (unescaped_buf_size > (1U<<28)) {
av_log(avctx, AV_LOG_ERROR, "MJPEG packet 0x%x too big (0x%x/0x%x), corrupt data?\n",
start_code, unescaped_buf_size, buf_size);
return AVERROR_INVALIDDATA;
More information about the ffmpeg-cvslog
mailing list