Mercurial > libavcodec.hg

changeset 9700:1a8821c5d28d libavcodec

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add a few size checks when decoding rtjpeg blocks. Might avoid crashes in unlikely cases, but mostly avoids ugly artefacts for partial frames.
author reimar
date Sun, 24 May 2009 09:03:45 +0000
parents 19c88aa29bec
children 31f48c034eae
files rtjpeg.c
diffstat 1 files changed, 7 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/rtjpeg.c	Sun May 24 08:36:52 2009 +0000
+++ b/rtjpeg.c	Sun May 24 09:03:45 2009 +0000
@@ -55,6 +55,9 @@
 
     // number of non-zero coefficients
     coeff = get_bits(gb, 6);
+    if (get_bits_count(gb) + (coeff << 1) >= gb->size_in_bits)
+        return 0;
+
     // normally we would only need to clear the (63 - coeff) last values,
     // but since we do not know where they are we just clear the whole block
     memset(block, 0, 64 * sizeof(DCTELEM));
@@ -69,6 +72,8 @@
 
     // 4 bits per coefficient
     ALIGN(4);
+    if (get_bits_count(gb) + (coeff << 2) >= gb->size_in_bits)
+        return 0;
     while (coeff) {
         ac = get_sbits(gb, 4);
         if (ac == -8)
@@ -78,6 +83,8 @@
 
     // 8 bits per coefficient
     ALIGN(8);
+    if (get_bits_count(gb) + (coeff << 3) >= gb->size_in_bits)
+        return 0;
     while (coeff) {
         ac = get_sbits(gb, 8);
         PUT_COEFF(ac);