Fix heap overflow due to lack of nb_components check.

Originally committed as revision 21450 to svn://svn.ffmpeg.org/ffmpeg/trunk
2025-10-30 23:18:11 +02:00 · 2010-01-25 13:26:10 +00:00
parent cc5d4f4c34
commit 021dccba1f
1 changed files with 4 additions and 0 deletions
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -899,6 +899,10 @@ int ff_mjpeg_decode_sos(MJpegDecodeContext *s)
    /* XXX: verify len field validity */
    len = get_bits(&s->gb, 16);
    nb_components = get_bits(&s->gb, 8);
+    if (nb_components == 0 || nb_components > MAX_COMPONENTS){
+        av_log(s->avctx, AV_LOG_ERROR, "decode_sos: nb_components (%d) unsupported\n", nb_components);
+        return -1;
+    }
    if (len != 6+2*nb_components)
    {
        av_log(s->avctx, AV_LOG_ERROR, "decode_sos: invalid len (%d)\n", len);