Mercurial > libavcodec.hg
comparison mjpegdec.c @ 11006:d99420b73262 libavcodec
Fix heap overflow due to lack of nb_components check.
| author | michael |
|---|---|
| date | Mon, 25 Jan 2010 13:26:10 +0000 |
| parents | 2aab93afc826 |
| children | 8d4ae55fdada |
comparison
equal
deleted
inserted
replaced
| 11005:bc62e2826782 | 11006:d99420b73262 |
|---|---|
| 897 int ilv, prev_shift; | 897 int ilv, prev_shift; |
| 898 | 898 |
| 899 /* XXX: verify len field validity */ | 899 /* XXX: verify len field validity */ |
| 900 len = get_bits(&s->gb, 16); | 900 len = get_bits(&s->gb, 16); |
| 901 nb_components = get_bits(&s->gb, 8); | 901 nb_components = get_bits(&s->gb, 8); |
| 902 if (nb_components == 0 || nb_components > MAX_COMPONENTS){ | |
| 903 av_log(s->avctx, AV_LOG_ERROR, "decode_sos: nb_components (%d) unsupported\n", nb_components); | |
| 904 return -1; | |
| 905 } | |
| 902 if (len != 6+2*nb_components) | 906 if (len != 6+2*nb_components) |
| 903 { | 907 { |
| 904 av_log(s->avctx, AV_LOG_ERROR, "decode_sos: invalid len (%d)\n", len); | 908 av_log(s->avctx, AV_LOG_ERROR, "decode_sos: invalid len (%d)\n", len); |
| 905 return -1; | 909 return -1; |
| 906 } | 910 } |