avcodec/mjpegdec: Check escape sequence validity

Fixes assertion failure Fixes: asan_heap-oob_1c1a4ea_1242_cov_2274415971_TESTcmyk.jpg Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit afa92907f3c6a0c3bdad766ec8d938ee17ee1c9e) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: Michael Niedermayer <michaelni@gmx.at> 2015-02-04 20:13:18 +0100
committer: Michael Niedermayer <michaelni@gmx.at> 2015-02-17 19:43:18 +0100
commit: b0d3873085253f9e60afe256c3b0368c3ab7dd07 (patch)
tree: ef535109d4e3f2da2e8944e239aad13e93eb8ca1
parent: b902eab45a79fa656abdbde4501c1c02adaf140a (diff)
download: ffmpeg-b0d3873085253f9e60afe256c3b0368c3ab7dd07.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index a867d06376..8289cc5d7c 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -1835,6 +1835,10 @@ int ff_mjpeg_find_marker(MJpegDecodeContext *s,
             put_bits(&pb, 8, x);
             if (x == 0xFF) {
                 x = src[b++];
+                if (x & 0x80) {
+                    av_log(s->avctx, AV_LOG_WARNING, "Invalid escape sequence\n");
+                    x &= 0x7f;
+                }
                 put_bits(&pb, 7, x);
                 bit_count--;
             }
author	Michael Niedermayer <michaelni@gmx.at>	2015-02-04 20:13:18 +0100
committer	Michael Niedermayer <michaelni@gmx.at>	2015-02-17 19:43:18 +0100
commit	b0d3873085253f9e60afe256c3b0368c3ab7dd07 (patch)
tree	ef535109d4e3f2da2e8944e239aad13e93eb8ca1
parent	b902eab45a79fa656abdbde4501c1c02adaf140a (diff)
download	ffmpeg-b0d3873085253f9e60afe256c3b0368c3ab7dd07.tar.gz