Mercurial > libavcodec.hg

changeset 2798:eb488002ab4a libavcodec

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
verify len field validity in mjpeg_decode_com()
author michael
date Sun, 17 Jul 2005 11:27:00 +0000
parents 217844bd1fa1
children 924c7e66ced8
files mjpeg.c
diffstat 1 files changed, 1 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- a/mjpeg.c	Sun Jul 17 09:22:51 2005 +0000
+++ b/mjpeg.c	Sun Jul 17 11:27:00 2005 +0000
@@ -1728,10 +1728,8 @@
 
 static int mjpeg_decode_com(MJpegDecodeContext *s)
 {
-    /* XXX: verify len field validity */
     int len = get_bits(&s->gb, 16);
-    if (len >= 2 && len < 32768) {
-	/* XXX: any better upper bound */
+    if (len >= 2 && 8*len - 16 + get_bits_count(&s->gb) <= s->gb.size_in_bits) {
 	uint8_t *cbuf = av_malloc(len - 1);
 	if (cbuf) {
 	    int i;