mjpeg: Detect overreads in mjpeg_decode_scan() and error out.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Ronald S. Bultje <rbultje@google.com>
pull/2/head
Michael Niedermayer 14 years ago committed by Reinhard Tartler
parent 4bc282322b
commit 76cd98b445
  1. 4
      libavcodec/mjpegdec.c

@ -826,6 +826,10 @@ static int mjpeg_decode_scan(MJpegDecodeContext *s, int nb_components, int Ah, i
if (s->restart_interval && !s->restart_count) if (s->restart_interval && !s->restart_count)
s->restart_count = s->restart_interval; s->restart_count = s->restart_interval;
if(get_bits_count(&s->gb)>s->gb.size_in_bits){
av_log(s->avctx, AV_LOG_ERROR, "overread %d\n", get_bits_count(&s->gb) - s->gb.size_in_bits);
return -1;
}
for(i=0;i<nb_components;i++) { for(i=0;i<nb_components;i++) {
uint8_t *ptr; uint8_t *ptr;
int n, h, v, x, y, c, j; int n, h, v, x, y, c, j;

Loading…
Cancel
Save