check len (should fix #1165694)

Originally committed as revision 4436 to svn://svn.ffmpeg.org/ffmpeg/trunk

check len (should fix #1165694)
Originally committed as revision 4436 to svn://svn.ffmpeg.org/ffmpeg/trunk
aa6ff39b · Michael Niedermayer · 1a55810e · aa6ff39b
Commit aa6ff39b authored Jul 11, 2005 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

mjpeg.c libavcodec/mjpeg.c +2 -1

No files found.
--- a/libavcodec/mjpeg.c
+++ b/libavcodec/mjpeg.c
@@ -1585,10 +1585,11 @@ static int mjpeg_decode_app(MJpegDecodeContext *s)
 {
    int len, id;

-    /* XXX: verify len field validity */
    len = get_bits(&s->gb, 16);
    if (len < 5)
 	return -1;
+    if(8*len + get_bits_count(&s->gb) > s->gb.size_in_bits)
+        return -1;

    id = (get_bits(&s->gb, 16) << 16) | get_bits(&s->gb, 16);
    id = be2me_32(id);