[FFmpeg-cvslog] avcodec/mjpegdec: Check escape sequence validity

Michael Niedermayer git at videolan.org
Fri Feb 13 20:59:54 CET 2015


ffmpeg | branch: release/2.4 | Michael Niedermayer <michaelni at gmx.at> | Wed Feb  4 20:13:18 2015 +0100| [3531ff8db31926c115ac771b3d5232261b1530f9] | committer: Michael Niedermayer

avcodec/mjpegdec: Check escape sequence validity

Fixes assertion failure
Fixes: asan_heap-oob_1c1a4ea_1242_cov_2274415971_TESTcmyk.jpg

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit afa92907f3c6a0c3bdad766ec8d938ee17ee1c9e)

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3531ff8db31926c115ac771b3d5232261b1530f9
---

 libavcodec/mjpegdec.c |    4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index 95a066f..e8bbf60 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -1877,6 +1877,10 @@ int ff_mjpeg_find_marker(MJpegDecodeContext *s,
             put_bits(&pb, 8, x);
             if (x == 0xFF) {
                 x = src[b++];
+                if (x & 0x80) {
+                    av_log(s->avctx, AV_LOG_WARNING, "Invalid escape sequence\n");
+                    x &= 0x7f;
+                }
                 put_bits(&pb, 7, x);
                 bit_count--;
             }



More information about the ffmpeg-cvslog mailing list