Chiebot-Mirror
/
FFmpeg
mirror of https://github.com/FFmpeg/FFmpeg.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

mjpegdec: tighten unescaped_buf_size size check, prevent null ptr deref

Browse Source 
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
pull/6/merge
Michael Niedermayer 12 years ago
parent abe68364a3
commit a9456c7c5c
1 changed files with 1 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      libavcodec/mjpegdec.c

2
libavcodec/mjpegdec.c
Unescape View File

@ -1611,7 +1611,7 @@ int ff_mjpeg_decode_frame(AVCodecContext *avctx, void *data, int *data_size,
/* EOF */
if (start_code < 0) {
goto the_end;
} else if (unescaped_buf_size > (1U<<29)) {
} else if (unescaped_buf_size > (1U<<28)) {
av_log(avctx, AV_LOG_ERROR, "MJPEG packet 0x%x too big (0x%x/0x%x), corrupt data?\n",
start_code, unescaped_buf_size, buf_size);
return AVERROR_INVALIDDATA;

Write Preview
Loading…
Cancel
Save