avcodec/mjpegdec: sanity check bits

Fixes undefined shift Fixes: asan_heap-oob_16668e9_2_asan_heap-oob_16668e9_346_miss_congeniality_pegasus_mjpg.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: Michael Niedermayer <michaelni@gmx.at> 2014-10-12 00:25:47 +0200
committer: Michael Niedermayer <michaelni@gmx.at> 2014-10-12 00:28:07 +0200
commit: 0db1f2c2c78db18999fccd46a156408e5e87c8a1 (patch)
tree: cf81083be395c5636616bdf5a863bcfea84d3849 /libavcodec/mjpegdec.c
parent: 903156aa8a352a5df34cd1e34c21b2193a447d5e (diff)
download: ffmpeg-0db1f2c2c78db18999fccd46a156408e5e87c8a1.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index 89666729ca..271c05e40f 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -256,6 +256,11 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s)
     s->avctx->bits_per_raw_sample =
     bits = get_bits(&s->gb, 8);
 
+    if (bits > 16 || bits < 1) {
+        av_log(s->avctx, AV_LOG_ERROR, "bits %d is invalid\n", bits);
+        return AVERROR_INVALIDDATA;
+    }
+
     if (s->pegasus_rct)
         bits = 9;
     if (bits == 9 && !s->pegasus_rct)
author	Michael Niedermayer <michaelni@gmx.at>	2014-10-12 00:25:47 +0200
committer	Michael Niedermayer <michaelni@gmx.at>	2014-10-12 00:28:07 +0200
commit	0db1f2c2c78db18999fccd46a156408e5e87c8a1 (patch)
tree	cf81083be395c5636616bdf5a863bcfea84d3849 /libavcodec/mjpegdec.c
parent	903156aa8a352a5df34cd1e34c21b2193a447d5e (diff)
download	ffmpeg-0db1f2c2c78db18999fccd46a156408e5e87c8a1.tar.gz