[FFmpeg-devel] [PATCH]lavc/mjpegdec: Do not overread too short JFIF tag
Carl Eugen Hoyos
cehoyos at ag.or.at
Sun Jan 1 15:22:23 EET 2017
Hi!
Attached patch fixes ticket #6055 for me.
Please comment, Carl Eugen
-------------- next part --------------
From 3a9e911de8c5a4cf7748fa814e66b2e775778bfa Mon Sep 17 00:00:00 2001
From: Carl Eugen Hoyos <cehoyos at ag.or.at>
Date: Sun, 1 Jan 2017 14:19:48 +0100
Subject: [PATCH] lavc/mjpegdec: Do not overread too short JFIF tags.
Fixes ticket #6055.
---
libavcodec/mjpegdec.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index eee8d58..e0b22ec 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -1670,6 +1670,8 @@ static int mjpeg_decode_app(MJpegDecodeContext *s)
if (id == AV_RB32("JFIF")) {
int t_w, t_h, v1, v2;
+ if (len < 8)
+ goto out;
skip_bits(&s->gb, 8); /* the trailing zero-byte */
v1 = get_bits(&s->gb, 8);
v2 = get_bits(&s->gb, 8);
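Review bot: The bound in "if (len < 8)" is an unexplained magic number: the reads visible after it in this hunk consume only three bytes (the skipped trailing zero byte, v1 and v2), so the other five have to be accounted for by code below the shown context. Please add a short comment naming the fields the 8 covers, so the check can be verified against the reads it protects and kept in sync if they change. Also consider whether "goto out" should be preceded by a log message, since a truncated JFIF tag is otherwise dropped silently.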
--
1.7.10.4