Skip to content

F
ffmpeg.wasm-core
Commit abad3749 authored by Luca Barbato's avatar Luca Barbato
Browse files
Options

jpegls: check the scan offset 

Prevent an out of array bound write.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
parent 4a4107b4
Show whitespace changes
Inline Side-by-side
Showing with 4 additions and 0 deletions
libavcodec/jpeglsdec.c
View file @ abad3749
...@@ -306,6 +306,10 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int near, ...@@ -306,6 +306,10 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int near,
av_dlog(s->avctx, "JPEG params: ILV=%i Pt=%i BPP=%i, scan = %i\n", av_dlog(s->avctx, "JPEG params: ILV=%i Pt=%i BPP=%i, scan = %i\n",
ilv, point_transform, s->bits, s->cur_scan); ilv, point_transform, s->bits, s->cur_scan);
if (ilv == 0) { /* separate planes */ if (ilv == 0) { /* separate planes */
if (s->cur_scan > s->nb_components) {
ret = AVERROR_INVALIDDATA;
goto end;
}
off = s->cur_scan - 1; off = s->cur_scan - 1;
stride = (s->nb_components > 1) ? 3 : 1; stride = (s->nb_components > 1) ? 3 : 1;
width = s->width * stride; width = s->width * stride;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment