[Ffmpeg-cvslog] CVS: ffmpeg/libavcodec mjpeg.c,1.109,1.110
Michael Niedermayer CVS
michael
Sun Jul 17 13:27:02 CEST 2005
Update of /cvsroot/ffmpeg/ffmpeg/libavcodec
In directory mail:/var2/tmp/cvs-serv13467
Modified Files:
mjpeg.c
Log Message:
verify len field validity in mjpeg_decode_com()
Index: mjpeg.c
===================================================================
RCS file: /cvsroot/ffmpeg/ffmpeg/libavcodec/mjpeg.c,v
retrieving revision 1.109
retrieving revision 1.110
diff -u -d -r1.109 -r1.110
--- mjpeg.c 11 Jul 2005 23:39:47 -0000 1.109
+++ mjpeg.c 17 Jul 2005 11:27:00 -0000 1.110
@@ -1728,10 +1728,8 @@
static int mjpeg_decode_com(MJpegDecodeContext *s)
{
- /* XXX: verify len field validity */
int len = get_bits(&s->gb, 16);
- if (len >= 2 && len < 32768) {
- /* XXX: any better upper bound */
+ if (len >= 2 && 8*len - 16 + get_bits_count(&s->gb) <= s->gb.size_in_bits) {
uint8_t *cbuf = av_malloc(len - 1);
if (cbuf) {
int i;
More information about the ffmpeg-cvslog
mailing list