Commit 021dccba authored by Michael Niedermayer's avatar Michael Niedermayer
Browse files

Fix heap overflow due to lack of nb_components check.

Originally committed as revision 21450 to svn://svn.ffmpeg.org/ffmpeg/trunk
parent cc5d4f4c
...@@ -899,6 +899,10 @@ int ff_mjpeg_decode_sos(MJpegDecodeContext *s) ...@@ -899,6 +899,10 @@ int ff_mjpeg_decode_sos(MJpegDecodeContext *s)
/* XXX: verify len field validity */ /* XXX: verify len field validity */
len = get_bits(&s->gb, 16); len = get_bits(&s->gb, 16);
nb_components = get_bits(&s->gb, 8); nb_components = get_bits(&s->gb, 8);
if (nb_components == 0 || nb_components > MAX_COMPONENTS){
av_log(s->avctx, AV_LOG_ERROR, "decode_sos: nb_components (%d) unsupported\n", nb_components);
return -1;
}
if (len != 6+2*nb_components) if (len != 6+2*nb_components)
{ {
av_log(s->avctx, AV_LOG_ERROR, "decode_sos: invalid len (%d)\n", len); av_log(s->avctx, AV_LOG_ERROR, "decode_sos: invalid len (%d)\n", len);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment