[FFmpeg-devel] [PATCH 1/3] avcodec/cbs_jpeg: Assert that cbs_jpeg_assemble_fragment() stays within the array
Michael Niedermayer
michael at niedermayer.cc
Wed May 8 05:39:21 EEST 2024
Inspired by: CID1473561 Untrusted pointer write
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
libavcodec/cbs_jpeg.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/libavcodec/cbs_jpeg.c b/libavcodec/cbs_jpeg.c
index b1b58dcd65e..628841c5f37 100644
--- a/libavcodec/cbs_jpeg.c
+++ b/libavcodec/cbs_jpeg.c
@@ -401,6 +401,7 @@ static int cbs_jpeg_assemble_fragment(CodedBitstreamContext *ctx,
} else {
data[dp++] = unit->data[sp];
}
+ av_assert0(dp <= size - 2);
}
}
}
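
Review bot: The added av_assert0(dp <= size - 2) sits after the if/else that performs data[dp++] = unit->data[sp], so the index is checked only after the store has already happened. If dp were ever out of range, the write into data would occur before the assertion aborts. Checking the bound before the write in each iteration, or asserting once before the loop that the computed size covers everything the loop will emit, would make the assertion guard the store rather than report it afterwards. The bound size - 2 is also unexplained in the hunk. A one-line comment saying what the two trailing bytes are reserved for would make the invariant reviewable, and if size is an unsigned type it is worth stating that size >= 2 holds here so the subtraction cannot wrap.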
--
2.43.2