[FFmpeg-cvslog] r21450 - trunk/libavcodec/mjpegdec.c
michael
subversion
Mon Jan 25 14:26:10 CET 2010
Author: michael
Date: Mon Jan 25 14:26:10 2010
New Revision: 21450
Log:
Fix heap overflow due to lack of nb_components check.
Modified:
trunk/libavcodec/mjpegdec.c
Modified: trunk/libavcodec/mjpegdec.c
==============================================================================
--- trunk/libavcodec/mjpegdec.c Mon Jan 25 11:46:32 2010 (r21449)
+++ trunk/libavcodec/mjpegdec.c Mon Jan 25 14:26:10 2010 (r21450)
@@ -899,6 +899,10 @@ int ff_mjpeg_decode_sos(MJpegDecodeConte
/* XXX: verify len field validity */
len = get_bits(&s->gb, 16);
nb_components = get_bits(&s->gb, 8);
+ if (nb_components == 0 || nb_components > MAX_COMPONENTS){
+ av_log(s->avctx, AV_LOG_ERROR, "decode_sos: nb_components (%d) unsupported\n", nb_components);
+ return -1;
+ }
if (len != 6+2*nb_components)
{
av_log(s->avctx, AV_LOG_ERROR, "decode_sos: invalid len (%d)\n", len);
More information about the ffmpeg-cvslog
mailing list