falkTX
/
FFmpeg
mirror of https://github.com/falkTX/FFmpeg.git
1
0
Fork 0
Code Issues 0 Releases 338 Wiki Activity
Browse Source

jvdec: check that the video_size fits in the packet. 

Prevents use of out of array data and fate failure.

Found-by: durandal_1707
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
tags/n1.0
Michael Niedermayer 13 years ago
parent
596814f978
commit
114f82ee7e
2 changed files with 1 additions and 2 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +1
    -1
      libavcodec/jvdec.c
  2. +0
    -1
      tests/ref/fate/jv

+ 1
- 1
libavcodec/jvdec.c View File

@@ -143,7 +143,7 @@ static int decode_frame(AVCodecContext *avctx,
buf += 5;

if (video_size) {
if(video_size < 0) {
if(video_size < 0 || video_size > buf_size) {
av_log(avctx, AV_LOG_ERROR, "video size %d invalid\n", video_size);
return AVERROR_INVALIDDATA;
}


+ 0
- 1
tests/ref/fate/jv View File

@@ -6,4 +6,3 @@
0, 5, 5, 1, 192000, 0xb8e331eb
0, 6, 6, 1, 192000, 0xd35b2053
0, 7, 7, 1, 192000, 0x01062188
0, 8, 8, 1, 192000, 0xa3a73b87

Write Preview
Loading…
Cancel
Save