virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-08-10 06:10:52 +02:00
Code Issues Releases Activity

jvdec: check that the video_size fits in the packet.

Browse Source 
Prevents use of out of array data and fate failure.

Found-by: durandal_1707
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer
2012-07-03 12:32:26 +02:00
parent 596814f978
commit 114f82ee7e
2 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libavcodec/jvdec.c
View File

@@ -143,7 +143,7 @@ static int decode_frame(AVCodecContext *avctx,
buf += 5; buf += 5;
if (video_size) { if (video_size) {
if(video_size < 0) { if(video_size < 0 || video_size > buf_size) {
av_log(avctx, AV_LOG_ERROR, "video size %d invalid\n", video_size); av_log(avctx, AV_LOG_ERROR, "video size %d invalid\n", video_size);
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;
} }

1
tests/ref/fate/jv
View File

@@ -6,4 +6,3 @@
0, 5, 5, 1, 192000, 0xb8e331eb 0, 5, 5, 1, 192000, 0xb8e331eb
0, 6, 6, 1, 192000, 0xd35b2053 0, 6, 6, 1, 192000, 0xd35b2053
0, 7, 7, 1, 192000, 0x01062188 0, 7, 7, 1, 192000, 0x01062188
0, 8, 8, 1, 192000, 0xa3a73b87