mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2025-01-24 13:56:33 +02:00
Add a few size checks when decoding rtjpeg blocks.
Might avoid crashes in unlikely cases, but mostly avoids ugly artefacts for partial frames. Originally committed as revision 18925 to svn://svn.ffmpeg.org/ffmpeg/trunk
This commit is contained in:
parent
0766291a66
commit
8d857c5434
@ -55,6 +55,9 @@ static inline int get_block(GetBitContext *gb, DCTELEM *block, const uint8_t *sc
|
||||
|
||||
// number of non-zero coefficients
|
||||
coeff = get_bits(gb, 6);
|
||||
if (get_bits_count(gb) + (coeff << 1) >= gb->size_in_bits)
|
||||
return 0;
|
||||
|
||||
// normally we would only need to clear the (63 - coeff) last values,
|
||||
// but since we do not know where they are we just clear the whole block
|
||||
memset(block, 0, 64 * sizeof(DCTELEM));
|
||||
@ -69,6 +72,8 @@ static inline int get_block(GetBitContext *gb, DCTELEM *block, const uint8_t *sc
|
||||
|
||||
// 4 bits per coefficient
|
||||
ALIGN(4);
|
||||
if (get_bits_count(gb) + (coeff << 2) >= gb->size_in_bits)
|
||||
return 0;
|
||||
while (coeff) {
|
||||
ac = get_sbits(gb, 4);
|
||||
if (ac == -8)
|
||||
@ -78,6 +83,8 @@ static inline int get_block(GetBitContext *gb, DCTELEM *block, const uint8_t *sc
|
||||
|
||||
// 8 bits per coefficient
|
||||
ALIGN(8);
|
||||
if (get_bits_count(gb) + (coeff << 3) >= gb->size_in_bits)
|
||||
return 0;
|
||||
while (coeff) {
|
||||
ac = get_sbits(gb, 8);
|
||||
PUT_COEFF(ac);
|
||||
|
Loading…
x
Reference in New Issue
Block a user