[FFmpeg-devel] [PATCH] some length validation for mjpegdec

Reimar Döffinger Reimar.Doeffinger
Sat Jul 24 10:25:17 CEST 2010


On Sat, Jul 24, 2010 at 02:54:58AM +0200, Michael Niedermayer wrote:
> > @@ -225,6 +232,15 @@
> >      if (nb_components <= 0 ||
> >          nb_components > MAX_COMPONENTS)
> >          return -1;
> > +    if (len != 8 + 3*nb_components)
> > +    {
> > +        av_log(s->avctx, AV_LOG_DEBUG, "decode_sof0: error, len(%d) mismatch\n", len);
> > +        len = 8 + 3*nb_components;
> > +    }
> > +    if (len > (get_bits_left(&s->gb) + 4*16) >> 3) {
> > +        av_log(s->avctx, AV_LOG_ERROR, "decode_sof: not enough data\n");
> > +        return -1;
> > +    }
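Review bot: in `if (len > (get_bits_left(&s->gb) + 4*16) >> 3)` the `4*16` is an unexplained constant. It is 64 bits, the same 8 bytes as the `8` in `8 + 3*nb_components`, so it reads like compensation for header bytes already consumed, but nothing in the hunk says so. Comparing the bytes still to be read (`3*nb_components`) directly against `get_bits_left(&s->gb)` would make the bound self-evident, and it would no longer depend on `len` having been overwritten just above. That first check also replaces a mismatching `len` after logging only at AV_LOG_DEBUG, so a malformed length is corrected silently in normal runs. Smaller points: the two messages use different prefixes (`decode_sof0` and `decode_sof`), and the two `if` blocks place their opening brace differently.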
> 
> this is hmm
> len is not used anywhere, setting it to a wrong value
> is just wrong
> the actual amount read could be tested without messing with len

Sure, it's just that the len check was already there and I thought
allowing an inconsistent len value would be a bad idea.
However I also didn't want to fail on it, since having a check there
that did not fail seemed like an indication that there might
be files out there that are broken that way.
Is there any alternative you like particularly?


