[FFmpeg-cvslog] jpegls: check the scan offset
Luca Barbato
git at videolan.org
Sat May 18 11:12:28 CEST 2013
ffmpeg | branch: master | Luca Barbato <lu_zero at gentoo.org> | Fri May 17 13:08:55 2013 +0200| [abad374909e6416e941351094f4f1446a71f8d23] | committer: Luca Barbato
jpegls: check the scan offset
Prevent an out of array bound write.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=abad374909e6416e941351094f4f1446a71f8d23
---
libavcodec/jpeglsdec.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/libavcodec/jpeglsdec.c b/libavcodec/jpeglsdec.c
index 3616063..df72ca3 100644
--- a/libavcodec/jpeglsdec.c
+++ b/libavcodec/jpeglsdec.c
@@ -306,6 +306,10 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int near,
av_dlog(s->avctx, "JPEG params: ILV=%i Pt=%i BPP=%i, scan = %i\n",
ilv, point_transform, s->bits, s->cur_scan);
if (ilv == 0) { /* separate planes */
+ if (s->cur_scan > s->nb_components) {
+ ret = AVERROR_INVALIDDATA;
+ goto end;
+ }
off = s->cur_scan - 1;
stride = (s->nb_components > 1) ? 3 : 1;
width = s->width * stride;
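Review bot: The new check in the `ilv == 0` branch bounds `s->cur_scan` only from above, so a value of 0 still reaches `off = s->cur_scan - 1` and gives an offset of -1; nothing in the visible lines shows that `cur_scan` is at least 1 at this point. Consider `if (s->cur_scan < 1 || s->cur_scan > s->nb_components)`, or, if the caller already guarantees the lower bound, a short comment saying so. Separately, `stride` is fixed at 3 whenever `nb_components > 1`, so with four components the check admits `off == 3`, which is not smaller than the stride; it is worth confirming whether this path is meant to accept more than three components.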