summaryrefslogtreecommitdiffstats
path: root/libavformat
diff options
context:
space:
mode:
authorPeter Ross <pross@xvid.org>2011-03-12 13:12:05 +1100
committerPeter Ross <pross@xvid.org>2011-03-13 16:08:52 +1100
commit435535e41159fbe7423a12078d684329a554776d (patch)
treea9eb5ddb8342c6e1a9f012d21b61c0268235f91b /libavformat
parent478607668c8840278c3fdd97382c3fae3f8cd7a2 (diff)
downloadffmpeg-streaming-435535e41159fbe7423a12078d684329a554776d.zip
ffmpeg-streaming-435535e41159fbe7423a12078d684329a554776d.tar.gz
jv demuxer: prevent video packet size overflow
In the event of overflow, the JV_PADDING state will avio_skip over any overflow bytes (using JVFrame.total_size).
Diffstat (limited to 'libavformat')
-rw-r--r--libavformat/jvdec.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/libavformat/jvdec.c b/libavformat/jvdec.c
index 314a341..9235e51 100644
--- a/libavformat/jvdec.c
+++ b/libavformat/jvdec.c
@@ -116,6 +116,8 @@ static int read_header(AVFormatContext *s,
jvf->audio_size = avio_rl32(pb);
jvf->video_size = avio_rl32(pb);
jvf->palette_size = avio_r8(pb) ? 768 : 0;
+ jvf->video_size = FFMIN(FFMAX(jvf->video_size, 0),
+ INT_MAX - JV_PREAMBLE_SIZE - jvf->palette_size);
if (avio_r8(pb))
av_log(s, AV_LOG_WARNING, "unsupported audio codec\n");
jvf->video_type = avio_r8(pb);
OpenPOWER on IntegriCloud