mjpegdec: check SE.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: Michael Niedermayer <michaelni@gmx.at> 2012-11-11 00:01:24 +0100
committer: Michael Niedermayer <michaelni@gmx.at> 2012-12-03 20:45:23 +0100
commit: 12fb647994c89cd6c45da9497ff7589d760c6ec1 (patch)
tree: 43365e5efde7d7cf249bd2e5458d93b7f90ffebd
parent: c8c9740ee1ea4a4f857a24b1ce05dcd07b72ec2d (diff)
download: ffmpeg-12fb647994c89cd6c45da9497ff7589d760c6ec1.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index d829b1b53f..0fca3721af 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -1097,6 +1097,11 @@ static int mjpeg_decode_scan_progressive_ac(MJpegDecodeContext *s, int ss,
     int last_scan = 0;
     int16_t *quant_matrix = s->quant_matrixes[s->quant_index[c]];
 
+    if (se > 63) {
+        av_log(s->avctx, AV_LOG_ERROR, "SE %d is too large\n", se);
+        return AVERROR_INVALIDDATA;
+    }
+
     if (!Al) {
         s->coefs_finished[c] |= (1LL << (se + 1)) - (1LL << ss);
         last_scan = !~s->coefs_finished[c];
author	Michael Niedermayer <michaelni@gmx.at>	2012-11-11 00:01:24 +0100
committer	Michael Niedermayer <michaelni@gmx.at>	2012-12-03 20:45:23 +0100
commit	12fb647994c89cd6c45da9497ff7589d760c6ec1 (patch)
tree	43365e5efde7d7cf249bd2e5458d93b7f90ffebd
parent	c8c9740ee1ea4a4f857a24b1ce05dcd07b72ec2d (diff)
download	ffmpeg-12fb647994c89cd6c45da9497ff7589d760c6ec1.tar.gz