GitList

Browse code

avcodec/mjpegdec: Check escape sequence validity

Fixes assertion failure
Fixes: asan_heap-oob_1c1a4ea_1242_cov_2274415971_TESTcmyk.jpg

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

Michael Niedermayer authored on 2015/02/05 04:13:18
Showing 1 changed files

libavcodec/mjpegdec.c index a2a93c1..f04b603 100644

libavcodec/mjpegdec.c

History View file @ 20be3ea

@@ -1631,6 +1631,10 @@ int ff_mjpeg_find_marker(MJpegDecodeContext *s,
                                  put_bits(&pb, 8, x);
                                  if (x == 0xFF) {
                                      x = src[b++];
                     +                if (x & 0x80) {
                     +                    av_log(s->avctx, AV_LOG_WARNING, "Invalid escape sequence\n");
                     +                    x &= 0x7f;
                     +                }
                                      put_bits(&pb, 7, x);
                                      bit_count--;
+                                 }