mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-24 13:56:33 +02:00

Add a few size checks when decoding rtjpeg blocks.

Might avoid crashes in unlikely cases, but mostly avoids ugly artefacts
for partial frames.

Originally committed as revision 18925 to svn://svn.ffmpeg.org/ffmpeg/trunk
Reimar Döffinger 2009-05-24 09:03:45 +00:00
parent 0766291a66
commit 8d857c5434


@ -55,6 +55,9 @@ static inline int get_block(GetBitContext *gb, DCTELEM *block, const uint8_t *sc
// number of non-zero coefficients // number of non-zero coefficients
coeff = get_bits(gb, 6); coeff = get_bits(gb, 6);
if (get_bits_count(gb) + (coeff << 1) >= gb->size_in_bits)
return 0;
// normally we would only need to clear the (63 - coeff) last values, // normally we would only need to clear the (63 - coeff) last values,
// but since we do not know where they are we just clear the whole block // but since we do not know where they are we just clear the whole block
memset(block, 0, 64 * sizeof(DCTELEM)); memset(block, 0, 64 * sizeof(DCTELEM));
@ -69,6 +72,8 @@ static inline int get_block(GetBitContext *gb, DCTELEM *block, const uint8_t *sc
// 4 bits per coefficient // 4 bits per coefficient
ALIGN(4); ALIGN(4);
if (get_bits_count(gb) + (coeff << 2) >= gb->size_in_bits)
return 0;
while (coeff) { while (coeff) {
ac = get_sbits(gb, 4); ac = get_sbits(gb, 4);
if (ac == -8) if (ac == -8)
@ -78,6 +83,8 @@ static inline int get_block(GetBitContext *gb, DCTELEM *block, const uint8_t *sc
// 8 bits per coefficient // 8 bits per coefficient
ALIGN(8); ALIGN(8);
if (get_bits_count(gb) + (coeff << 3) >= gb->size_in_bits)
return 0;
while (coeff) { while (coeff) {
ac = get_sbits(gb, 8); ac = get_sbits(gb, 8);
PUT_COEFF(ac); PUT_COEFF(ac);
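Review bot: All three new size checks in get_block bail out with `return 0;`, which gives the caller no way to tell truncated input from a legitimate result, so decoding of a partial frame presumably carries on with the following blocks against an already exhausted bitstream. If 0 is also what get_block returns for a block that is not coded (not visible in these hunks), a distinct value such as `return -1;` would let the caller stop at the first short block and report the frame as damaged. The comparisons use `>=`, so a block whose coefficients end exactly at `gb->size_in_bits` is rejected as well; `>` would accept it, provided no further read follows, which cannot be confirmed from here. The `get_bits(gb, 6)` ahead of the first check is still unguarded and is only safe if the input buffer carries the trailing padding the bitstream reader expects, which deserves a comment such as `/* relies on padded input: coeff is read before the size check */`. get_block starts and ends outside the hunks shown.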