Commit dce778e0 authored by Zdenek Kabelac's avatar Zdenek Kabelac

* check for potentially problematic field len

Originally committed as revision 1572 to svn://svn.ffmpeg.org/ffmpeg/trunk
parent b29f97d1
...@@ -1262,16 +1262,16 @@ out: ...@@ -1262,16 +1262,16 @@ out:
static int mjpeg_decode_com(MJpegDecodeContext *s) static int mjpeg_decode_com(MJpegDecodeContext *s)
{ {
int i;
UINT8 *cbuf;
/* XXX: verify len field validity */ /* XXX: verify len field validity */
unsigned int len = get_bits(&s->gb, 16)-2; unsigned int len = get_bits(&s->gb, 16);
cbuf = av_malloc(len+1); if (len >= 2 && len < 32768) {
/* XXX: any better upper bound */
for (i = 0; i < len; i++) UINT8 *cbuf = av_malloc(len - 1);
if (cbuf) {
int i;
for (i = 0; i < len - 2; i++)
cbuf[i] = get_bits(&s->gb, 8); cbuf[i] = get_bits(&s->gb, 8);
if (cbuf[i-1] == '\n') if (i > 0 && cbuf[i-1] == '\n')
cbuf[i-1] = 0; cbuf[i-1] = 0;
else else
cbuf[i] = 0; cbuf[i] = 0;
...@@ -1282,11 +1282,13 @@ static int mjpeg_decode_com(MJpegDecodeContext *s) ...@@ -1282,11 +1282,13 @@ static int mjpeg_decode_com(MJpegDecodeContext *s)
if (!strcmp(cbuf, "AVID")) if (!strcmp(cbuf, "AVID"))
{ {
s->buggy_avid = 1; s->buggy_avid = 1;
// if (s->first_picture) // if (s->first_picture)
// printf("mjpeg: workarounding buggy AVID\n"); // printf("mjpeg: workarounding buggy AVID\n");
} }
av_free(cbuf); av_free(cbuf);
}
}
return 0; return 0;
} }
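Review bot: The new guard `if (len >= 2 && len < 32768)` bounds the allocation but not the read. The loop `for (i = 0; i < len - 2; i++)` still pulls `len - 2` bytes through get_bits() without comparing that count to the data left in the input buffer, so a truncated stream with a large COM length would read past the available input unless get_bits() is itself bounded, which this page does not show. I would check the remaining input before the loop and return an error when the segment claims more than is left. The 16-bit field already caps `len` at 65535, so the `32768` limit only drops larger but valid comments, and on that path (and when av_malloc() fails) the payload is not consumed and the function still returns 0. Replacing the two XXX notes with a comment such as `/* len is a 16-bit field that counts itself; payload is len - 2 bytes and must fit in the remaining input */` would record the contract. The part of the function between the two hunks is not visible here.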
......