ffmpeg | branch: master | Michael Niedermayer <michae...@gmx.at> | Sun Oct 12 00:25:47 2014 +0200| [0db1f2c2c78db18999fccd46a156408e5e87c8a1] | committer: Michael Niedermayer
avcodec/mjpegdec: sanity check bits Fixes undefined shift Fixes: asan_heap-oob_16668e9_2_asan_heap-oob_16668e9_346_miss_congeniality_pegasus_mjpg.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michae...@gmx.at> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0db1f2c2c78db18999fccd46a156408e5e87c8a1 --- libavcodec/mjpegdec.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index 8966672..271c05e 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -256,6 +256,11 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s) s->avctx->bits_per_raw_sample = bits = get_bits(&s->gb, 8); + if (bits > 16 || bits < 1) { + av_log(s->avctx, AV_LOG_ERROR, "bits %d is invalid\n", bits); + return AVERROR_INVALIDDATA; + } + if (s->pegasus_rct) bits = 9; if (bits == 9 && !s->pegasus_rct) _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
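Review bot: the new range check in ff_mjpeg_decode_sof() sits after `s->avctx->bits_per_raw_sample = bits = get_bits(&s->gb, 8);`, so on the AVERROR_INVALIDDATA path the rejected value has already been stored in the codec context and remains visible to the caller. Consider reading into the local `bits` first, validating it, and only then assigning `s->avctx->bits_per_raw_sample`. The bounds 1 and 16 are also unexplained in the hunk: the commit message says this fixes an undefined shift, but the shift itself is outside the visible context, so a short comment naming the expression that requires `bits <= 16` would let a later reader verify the limit. Minor: the log text "bits %d is invalid" would be easier to act on if it said which header field was being parsed.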