virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-13 21:28:01 +02:00
Code Issues Releases Activity

avcodec/mjpegdec: fix overread in find_marker()

Browse Source 
Found-by: Laurent Butti <laurentb@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2013-08-23 04:14:08 +02:00
parent 2baa12f1d1
commit 16a0d75c76
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
libavcodec/mjpegdec.c
View File

@ -1610,7 +1610,7 @@ static int find_marker(const uint8_t **pbuf_ptr, const uint8_t *buf_end)
int skipped = 0; int skipped = 0;
buf_ptr = *pbuf_ptr; buf_ptr = *pbuf_ptr;
while (buf_ptr < buf_end) { while (buf_end - buf_ptr > 1) {
v = *buf_ptr++; v = *buf_ptr++;
v2 = *buf_ptr; v2 = *buf_ptr;
if ((v == 0xff) && (v2 >= 0xc0) && (v2 <= 0xfe) && buf_ptr < buf_end) { if ((v == 0xff) && (v2 >= 0xc0) && (v2 <= 0xfe) && buf_ptr < buf_end) {
@ -1619,6 +1619,7 @@ static int find_marker(const uint8_t **pbuf_ptr, const uint8_t *buf_end)
} }
skipped++; skipped++;
} }
buf_ptr = buf_end;
val = -1; val = -1;
found: found:
av_dlog(NULL, "find_marker skipped %d bytes\n", skipped); av_dlog(NULL, "find_marker skipped %d bytes\n", skipped);