videolan
/
ffmpeg
mirror of https://git.videolan.org/git/ffmpeg.git
1
Fork 0
Code Releases Activity

jvdec: Do not feed the decoder with known wrong data 

Still assume the size value is right in non-explode mode.
This commit is contained in:
Luca Barbato 2013-12-13 03:07:57 +01:00
parent e518cb863e
commit 15739a9bd1
1 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
libavformat/jvdec.c
View File

@ -128,10 +128,23 @@ static int read_header(AVFormatContext *s)
jvf->audio_size = avio_rl32(pb);
jvf->video_size = avio_rl32(pb);
jvf->palette_size = avio_r8(pb) ? 768 : 0;
jvf->video_size = FFMIN(FFMAX(jvf->video_size, 0),
INT_MAX - JV_PREAMBLE_SIZE - jvf->palette_size);
if ((jvf->video_size | jvf->audio_size) & ~0xFFFFFF ||
e->size - jvf->audio_size
- jvf->video_size
- jvf->palette_size < 0) {
if (s->error_recognition & AV_EF_EXPLODE) {
read_close(s);
return AVERROR_INVALIDDATA;
}
jvf->audio_size =
jvf->video_size =
jvf->palette_size = 0;
}
if (avio_r8(pb))
av_log(s, AV_LOG_WARNING, "unsupported audio codec\n");
jvf->video_type = avio_r8(pb);
avio_skip(pb, 1);