[FFmpeg-cvslog] jvdec: check that the video_size fits in the packet.
    Michael Niedermayer 
    git at videolan.org
       
    Tue Jul  3 12:38:48 CEST 2012
    
    
  
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Tue Jul  3 12:32:26 2012 +0200| [114f82ee7e384ff80151fe6f4ed89d46c2f20419] | committer: Michael Niedermayer
jvdec: check that the video_size fits in the packet.
Prevents use of out of array data and fate failure.
Found-by: durandal_1707
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=114f82ee7e384ff80151fe6f4ed89d46c2f20419
---
 libavcodec/jvdec.c |    2 +-
 tests/ref/fate/jv  |    1 -
 2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/libavcodec/jvdec.c b/libavcodec/jvdec.c
index 4031fad..728b749 100644
--- a/libavcodec/jvdec.c
+++ b/libavcodec/jvdec.c
@@ -143,7 +143,7 @@ static int decode_frame(AVCodecContext *avctx,
     buf += 5;
 
     if (video_size) {
-        if(video_size < 0) {
+        if(video_size < 0 || video_size > buf_size) {
             av_log(avctx, AV_LOG_ERROR, "video size %d invalid\n", video_size);
             return AVERROR_INVALIDDATA;
         }
diff --git a/tests/ref/fate/jv b/tests/ref/fate/jv
index 88b345c..b0a6008 100644
--- a/tests/ref/fate/jv
+++ b/tests/ref/fate/jv
@@ -6,4 +6,3 @@
 0,          5,          5,        1,   192000, 0xb8e331eb
 0,          6,          6,        1,   192000, 0xd35b2053
 0,          7,          7,        1,   192000, 0x01062188
-0,          8,          8,        1,   192000, 0xa3a73b87
    
    
More information about the ffmpeg-cvslog
mailing list