Skip to content

F
ffmpeg.wasm-core
Commit 16a0d75c authored by Michael Niedermayer's avatar Michael Niedermayer
Browse files
Options

avcodec/mjpegdec: fix overread in find_marker() 

Found-by: 's avatarLaurent Butti <laurentb@gmail.com>
Signed-off-by: 's avatarMichael Niedermayer <michaelni@gmx.at>
parent 2baa12f1
Hide whitespace changes
Inline Side-by-side
Showing with 2 additions and 1 deletion
libavcodec/mjpegdec.c
View file @ 16a0d75c
...@@ -1610,7 +1610,7 @@ static int find_marker(const uint8_t **pbuf_ptr, const uint8_t *buf_end) ...@@ -1610,7 +1610,7 @@ static int find_marker(const uint8_t **pbuf_ptr, const uint8_t *buf_end)
int skipped = 0; int skipped = 0;
buf_ptr = *pbuf_ptr; buf_ptr = *pbuf_ptr;
while (buf_ptr < buf_end) { while (buf_end - buf_ptr > 1) {
v = *buf_ptr++; v = *buf_ptr++;
v2 = *buf_ptr; v2 = *buf_ptr;
if ((v == 0xff) && (v2 >= 0xc0) && (v2 <= 0xfe) && buf_ptr < buf_end) { if ((v == 0xff) && (v2 >= 0xc0) && (v2 <= 0xfe) && buf_ptr < buf_end) {
...@@ -1619,6 +1619,7 @@ static int find_marker(const uint8_t **pbuf_ptr, const uint8_t *buf_end) ...@@ -1619,6 +1619,7 @@ static int find_marker(const uint8_t **pbuf_ptr, const uint8_t *buf_end)
} }
skipped++; skipped++;
} }
buf_ptr = buf_end;
val = -1; val = -1;
found: found:
av_dlog(NULL, "find_marker skipped %d bytes\n", skipped); av_dlog(NULL, "find_marker skipped %d bytes\n", skipped);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment