[FFmpeg-cvslog] avcodec/mjpegdec: Add some sanity checks to ljpeg_decode_rgb_scan()

Michael Niedermayer git at videolan.org
Fri Sep 27 02:57:29 CEST 2013


ffmpeg | branch: release/0.10 | Michael Niedermayer <michaelni at gmx.at> | Thu Sep  5 00:36:44 2013 +0200| [4a5bb426e26ed8d46e5ece4ab90ff936499d8536] | committer: Michael Niedermayer

avcodec/mjpegdec: Add some sanity checks to ljpeg_decode_rgb_scan()

These prevent the rgb ljpeg code from being run on parameters that it doesn't
support. No testcase available but it seems possible to trigger these.

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 61c68000eda643dfce96dc46b488d39fd5c4e309)

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4a5bb426e26ed8d46e5ece4ab90ff936499d8536
---

 libavcodec/mjpegdec.c |    6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index 662f0b4..9292351 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -719,6 +719,12 @@ static int ljpeg_decode_rgb_scan(MJpegDecodeContext *s, int nb_components, int p
     int resync_mb_y = 0;
     int resync_mb_x = 0;
 
+    if (s->nb_components != 3 && s->nb_components != 4)
+        return AVERROR_INVALIDDATA;
+    if (s->v_max != 1 || s->h_max != 1 || !s->lossless)
+        return AVERROR_INVALIDDATA;
+
+
     s->restart_count = s->restart_interval;
 
     av_fast_malloc(&s->ljpeg_buffer, &s->ljpeg_buffer_size,
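
Review bot: The first added check tests s->nb_components, but the signature in the hunk header shows the function also receives its own nb_components argument, and that value is not validated here. If the two can differ, the argument needs the same 3-or-4 check; if they cannot, a one-line comment saying why the context field is the right one to test would help. Both new early returns are also silent: an av_log() call before each "return AVERROR_INVALIDDATA;" naming the rejected value (component count, h_max/v_max, lossless flag) would make these rejections diagnosable, which matters since the commit message notes there is no testcase. Minor style point: the hunk adds two consecutive blank lines after the checks; one is enough.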


