avcodec/mjpeg_parser: Make parser a bit more robust with unclean input

Helps: test_roman.mjpeg (note this is not really just mjpeg)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

1 files changed, 4 insertions, 2 deletions

diff --git a/libavcodec/mjpeg_parser.c b/libavcodec/mjpeg_parser.c
index 07a6b2bdc6..c642b2ecbc 100644
--- a/libavcodec/mjpeg_parser.c
+++ b/libavcodec/mjpeg_parser.c
@@ -50,7 +50,7 @@ static int find_frame_end(MJPEGParserContext *m, const uint8_t *buf, int buf_siz
         for(i=0; i<buf_size;){
             state= (state<<8) | buf[i];
             if(state>=0xFFC00000 && state<=0xFFFEFFFF){
-                if(state>=0xFFD80000 && state<=0xFFD8FFFF){
+                if(state>=0xFFD8FFC0 && state<=0xFFD8FFFF){
                     i++;
                     vop_found=1;
                     break;
@@ -76,12 +76,14 @@ static int find_frame_end(MJPEGParserContext *m, const uint8_t *buf, int buf_siz
         for(; i<buf_size;){
             state= (state<<8) | buf[i];
             if(state>=0xFFC00000 && state<=0xFFFEFFFF){
-                if(state>=0xFFD80000 && state<=0xFFD8FFFF){
+                if(state>=0xFFD8FFC0 && state<=0xFFD8FFFF){
                     pc->frame_start_found=0;
                     pc->state=0;
                     return i-3;
                 } else if(state<0xFFD00000 || state>0xFFD9FFFF){
                     m->size= (state&0xFFFF)-1;
+                    if (m->size >= 0x8000)
+                        m->size = 0;
                 }
             }
             if(m->size>0){