[FFmpeg-cvslog] lavc/mjpegdec: Do not overread too short JFIF tags.

Carl Eugen Hoyos Sun, 01 Jan 2017 09:56:00 -0800

ffmpeg | branch: master | Carl Eugen Hoyos <ceho...@ag.or.at> | Sun Jan  1 
14:19:48 2017 +0100| [4acea512f36b96256535b45b1a7e723c61c89c31] | committer: 
Carl Eugen Hoyos


lavc/mjpegdec: Do not overread too short JFIF tags.

Fixes ticket #6055.

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4acea512f36b96256535b45b1a7e723c61c89c31
---

 libavcodec/mjpegdec.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index eee8d58..e0b22ec 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -1670,6 +1670,8 @@ static int mjpeg_decode_app(MJpegDecodeContext *s)
 
     if (id == AV_RB32("JFIF")) {
         int t_w, t_h, v1, v2;
+        if (len < 8)
+            goto out;
         skip_bits(&s->gb, 8); /* the trailing zero-byte */
         v1 = get_bits(&s->gb, 8);
         v2 = get_bits(&s->gb, 8);

_______________________________________________
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] lavc/mjpegdec: Do not overread too short JFIF tags.

Reply via email to