lavc/mjpegdec: Do not overread too short JFIF tags.

Fixes ticket #6055.
author: Carl Eugen Hoyos <cehoyos@ag.or.at> 2017-01-01 14:19:48 +0100
committer: Carl Eugen Hoyos <cehoyos@ag.or.at> 2017-01-01 18:53:27 +0100
commit: 4acea512f36b96256535b45b1a7e723c61c89c31 (patch)
tree: fdbd13f5ae20cc626bf93472f243774eb4ea0a13 /libavcodec/mjpegdec.c
parent: b7a6d28e5e7ae4dff7c53a2f24e2017220dd6cc1 (diff)
download: ffmpeg-4acea512f36b96256535b45b1a7e723c61c89c31.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index eee8d58147..e0b22ec948 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -1670,6 +1670,8 @@ static int mjpeg_decode_app(MJpegDecodeContext *s)
 
     if (id == AV_RB32("JFIF")) {
         int t_w, t_h, v1, v2;
+        if (len < 8)
+            goto out;
         skip_bits(&s->gb, 8); /* the trailing zero-byte */
         v1 = get_bits(&s->gb, 8);
         v2 = get_bits(&s->gb, 8);
author	Carl Eugen Hoyos <cehoyos@ag.or.at>	2017-01-01 14:19:48 +0100
committer	Carl Eugen Hoyos <cehoyos@ag.or.at>	2017-01-01 18:53:27 +0100
commit	4acea512f36b96256535b45b1a7e723c61c89c31 (patch)
tree	fdbd13f5ae20cc626bf93472f243774eb4ea0a13 /libavcodec/mjpegdec.c
parent	b7a6d28e5e7ae4dff7c53a2f24e2017220dd6cc1 (diff)
download	ffmpeg-4acea512f36b96256535b45b1a7e723c61c89c31.tar.gz