[FFmpeg-cvslog] nuv: check RTjpeg header for validity

Janne Grunau git at videolan.org
Mon Feb 18 01:09:39 CET 2013


ffmpeg | branch: release/0.7 | Janne Grunau <janne-libav at jannau.net> | Mon Aug  6 13:59:04 2012 +0200| [f31170d4e7f9671e019315391160d454b18d7296] | committer: Anton Khirnov

nuv: check RTjpeg header for validity

CC: libav-stable at libav.org
(cherry picked from commit 859a579e9bbf47fae2e09494c43bcf813dcb2fad)

Signed-off-by: Anton Khirnov <anton at khirnov.net>
(cherry picked from commit 6704522ca9dd32c858ee474492be568c386910f9)

Signed-off-by: Anton Khirnov <anton at khirnov.net>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f31170d4e7f9671e019315391160d454b18d7296
---

 libavcodec/nuv.c    |    9 +++++----
 libavcodec/rtjpeg.h |    3 +++
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/libavcodec/nuv.c b/libavcodec/nuv.c
index 0c5e42f..00767c5 100644
--- a/libavcodec/nuv.c
+++ b/libavcodec/nuv.c
@@ -184,17 +184,18 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size,
     }
     if (c->codec_frameheader) {
         int w, h, q;
-        if (buf_size < 12) {
+        if (buf_size < RTJPEG_HEADER_SIZE || buf[4] != RTJPEG_HEADER_SIZE ||
+            buf[5] != RTJPEG_FILE_VERSION) {
             av_log(avctx, AV_LOG_ERROR, "invalid nuv video frame\n");
-            return -1;
+            return AVERROR_INVALIDDATA;
         }
         w = AV_RL16(&buf[6]);
         h = AV_RL16(&buf[8]);
         q = buf[10];
         if (!codec_reinit(avctx, w, h, q))
             return -1;
-        buf = &buf[12];
-        buf_size -= 12;
+        buf = &buf[RTJPEG_HEADER_SIZE];
+        buf_size -= RTJPEG_HEADER_SIZE;
     }
 
     if (keyframe && c->pic.data[0])
diff --git a/libavcodec/rtjpeg.h b/libavcodec/rtjpeg.h
index d537c93..4b46689 100644
--- a/libavcodec/rtjpeg.h
+++ b/libavcodec/rtjpeg.h
@@ -25,6 +25,9 @@
 #include <stdint.h>
 #include "dsputil.h"
 
+#define RTJPEG_FILE_VERSION 0
+#define RTJPEG_HEADER_SIZE 12
+
 typedef struct {
     int w, h;
     DSPContext *dsp;



More information about the ffmpeg-cvslog mailing list