xenia-project/FFmpeg
1
0
Fork 0
mirror of https://github.com/xenia-project/FFmpeg.git synced 2024-11-29 14:30:27 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

verify len field validity in mjpeg_decode_com()

Browse Source 
Originally committed as revision 4451 to svn://svn.ffmpeg.org/ffmpeg/trunk
This commit is contained in:
Michael Niedermayer 2005-07-17 11:27:00 +00:00
parent 1b51e051c0
commit e33943728e
1 changed files with 1 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libavcodec/mjpeg.c
View File

@ -1728,10 +1728,8 @@ out:
static int mjpeg_decode_com(MJpegDecodeContext *s) static int mjpeg_decode_com(MJpegDecodeContext *s)
{ {
/* XXX: verify len field validity */
int len = get_bits(&s->gb, 16); int len = get_bits(&s->gb, 16);
if (len >= 2 && len < 32768) { if (len >= 2 && 8*len - 16 + get_bits_count(&s->gb) <= s->gb.size_in_bits) {
/* XXX: any better upper bound */
uint8_t *cbuf = av_malloc(len - 1); uint8_t *cbuf = av_malloc(len - 1);
if (cbuf) { if (cbuf) {
int i; int i;