On 09.01.2015, at 00:50, g...@videolan.org (Carl Eugen Hoyos) wrote:
> ffmpeg | branch: master | Carl Eugen Hoyos <ceho...@ag.or.at> | Fri Jan 9 > 00:30:02 2015 +0100| [cd3405282c7007a535b297d14e50e4ff12c18679] | committer: > Carl Eugen Hoyos > > Skip Exif data when auto-detecting jpeg images. > >> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cd3405282c7007a535b297d14e50e4ff12c18679 > --- > > libavformat/img2dec.c | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > > diff --git a/libavformat/img2dec.c b/libavformat/img2dec.c > index 015a20a..329e61d 100644 > --- a/libavformat/img2dec.c > +++ b/libavformat/img2dec.c > @@ -643,14 +643,18 @@ static int j2k_probe(AVProbeData *p) > static int jpeg_probe(AVProbeData *p) > { > const uint8_t *b = p->buf; > - int i, state = 0xD8; > + int i, state = 0xD8, exif_size = 0; > > if (AV_RB16(b) != 0xFFD8 || > AV_RB32(b) == 0xFFD8FFF7) > return 0; > > b += 2; > - for (i = 0; i < p->buf_size - 2; i++) { > + if (AV_RB16(b) == 0xFFE1 && AV_RB32(b + 4) == AV_RB32("Exif")) {

Are we allowed to just assume that buf_size is >= 8 (or that there are at least 8 bytes of 0 padding)?

> + exif_size = AV_RB16(b + 2) + 2; > + b += exif_size;

Also I don't know how we handle it otherwise, but the pointer increment is already undefined behaviour, strictly speaking, if buf_size < exif_size + 2.
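
Review bot: In the Exif branch, neither the 8-byte read in `if (AV_RB16(b) == 0xFFE1 && AV_RB32(b + 4) == AV_RB32("Exif"))` nor the advance `b += exif_size` is checked against `p->buf_size`. After `b += 2` the condition reads through `b[7]` (that is, `p->buf[9]`), and `exif_size` comes straight from the file and can be as large as 0x10001, so a short or truncated probe buffer leaves `b` pointing past the data. Suggest taking the branch only when the buffer is long enough for the marker check, and skipping only when `exif_size` fits within the remaining `p->buf_size`; otherwise `return 0` or fall through without advancing. If the first read is meant to rely on probe-buffer padding, say so in a comment. The loop bound that replaces `i < p->buf_size - 2` is not visible in this excerpt; it needs to subtract `exif_size` as well so the scan does not run past the end.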