Commit afa92907 authored by Michael Niedermayer's avatar Michael Niedermayer

avcodec/mjpegdec: Check escape sequence validity

Fixes assertion failure
Fixes: asan_heap-oob_1c1a4ea_1242_cov_2274415971_TESTcmyk.jpg

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: 's avatarMichael Niedermayer <michaelni@gmx.at>
parent 7f02fcd9
...@@ -1901,6 +1901,10 @@ int ff_mjpeg_find_marker(MJpegDecodeContext *s, ...@@ -1901,6 +1901,10 @@ int ff_mjpeg_find_marker(MJpegDecodeContext *s,
put_bits(&pb, 8, x); put_bits(&pb, 8, x);
if (x == 0xFF) { if (x == 0xFF) {
x = src[b++]; x = src[b++];
if (x & 0x80) {
av_log(s->avctx, AV_LOG_WARNING, "Invalid escape sequence\n");
x &= 0x7f;
}
put_bits(&pb, 7, x); put_bits(&pb, 7, x);
bit_count--; bit_count--;
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment