Mercurial > libavcodec.hg

changeset 11006:d99420b73262 libavcodec

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fix heap overflow due to lack of nb_components check.
author michael
date Mon, 25 Jan 2010 13:26:10 +0000
parents bc62e2826782
children 8d4ae55fdada
files mjpegdec.c
diffstat 1 files changed, 4 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/mjpegdec.c	Mon Jan 25 10:46:32 2010 +0000
+++ b/mjpegdec.c	Mon Jan 25 13:26:10 2010 +0000
@@ -899,6 +899,10 @@
     /* XXX: verify len field validity */
     len = get_bits(&s->gb, 16);
     nb_components = get_bits(&s->gb, 8);
+    if (nb_components == 0 || nb_components > MAX_COMPONENTS){
+        av_log(s->avctx, AV_LOG_ERROR, "decode_sos: nb_components (%d) unsupported\n", nb_components);
+        return -1;
+    }
     if (len != 6+2*nb_components)
     {
         av_log(s->avctx, AV_LOG_ERROR, "decode_sos: invalid len (%d)\n", len);