authorMichael Niedermayer <michaelni@gmx.at>2011-04-21 22:03:24 +0200
committerMichael Niedermayer <michaelni@gmx.at>2011-04-21 22:44:55 +0200
commit73a51e00a74df079507d6355a4e353494ddb0385 (patch)
tree3c17096cb97198605386281ccace48db29539dd6
parent3eb15d98122e71faf98f22bc4acc7ab56f2f4858 (diff)
downloadffmpeg-73a51e00a74df079507d6355a4e353494ddb0385.tar.gz
mjpeg: Detect overreads in mjpeg_decode_scan() and error out.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
-rw-r--r--libavcodec/mjpegdec.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index d0fc524471..2bdd2a814b 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -797,6 +797,10 @@ static int mjpeg_decode_scan(MJpegDecodeContext *s, int nb_components, int Ah, i
if (s->restart_interval && !s->restart_count)
s->restart_count = s->restart_interval;
+ if(get_bits_count(&s->gb)>s->gb.size_in_bits){
+ av_log(s->avctx, AV_LOG_ERROR, "overread %d\n", get_bits_count(&s->gb) - s->gb.size_in_bits);
+ return -1;
+ }
for(i=0;i<nb_components;i++) {
uint8_t *ptr;
int n, h, v, x, y, c, j;
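Review bot: The new overread test runs before the component loop, so it can only notice a read past `s->gb.size_in_bits` after the preceding block decoding has already consumed those bits; it limits how far decoding continues rather than preventing the out-of-range read. Memory safety in that window presumably rests on the padded input buffer, which the hunk does not show, so a comment such as `/* post-hoc check: the previous MCU may already have read past size_in_bits; relies on the input buffer padding */` would record the assumption. If this check sits inside the per-MCU loop, as the restart-interval context suggests, an overread in the final MCU of the scan is not reported unless the same test is repeated after the loop. mjpeg_decode_scan starts and ends outside the hunk, so neither the loop structure nor a later check is visible here.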