virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-02-04 06:08:26 +02:00
Code Issues Releases Activity

jvdec: Do not feed the decoder with known wrong data

Browse Source 
Still assume the size value is right in non-explode mode.
This commit is contained in:
Luca Barbato 2013-12-13 03:07:57 +01:00
parent e518cb863e
commit 15739a9bd1
1 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
libavformat/jvdec.c
View File

@ -128,10 +128,23 @@ static int read_header(AVFormatContext *s)
jvf->audio_size = avio_rl32(pb); jvf->audio_size = avio_rl32(pb);
jvf->video_size = avio_rl32(pb); jvf->video_size = avio_rl32(pb);
jvf->palette_size = avio_r8(pb) ? 768 : 0; jvf->palette_size = avio_r8(pb) ? 768 : 0;
jvf->video_size = FFMIN(FFMAX(jvf->video_size, 0),
INT_MAX - JV_PREAMBLE_SIZE - jvf->palette_size); if ((jvf->video_size | jvf->audio_size) & ~0xFFFFFF ||
e->size - jvf->audio_size
- jvf->video_size
- jvf->palette_size < 0) {
if (s->error_recognition & AV_EF_EXPLODE) {
read_close(s);
return AVERROR_INVALIDDATA;
}
jvf->audio_size =
jvf->video_size =
jvf->palette_size = 0;
}
if (avio_r8(pb)) if (avio_r8(pb))
av_log(s, AV_LOG_WARNING, "unsupported audio codec\n"); av_log(s, AV_LOG_WARNING, "unsupported audio codec\n");
jvf->video_type = avio_r8(pb); jvf->video_type = avio_r8(pb);
avio_skip(pb, 1); avio_skip(pb, 1);