This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/4.4 in repository ffmpeg.
commit d84bec2bd6f4e5ffe2a747d1d6d7bdc3c8d46e8e Author: Michael Niedermayer <[email protected]> AuthorDate: Thu Apr 23 00:23:57 2026 +0000 Commit: Michael Niedermayer <[email protected]> CommitDate: Tue May 5 18:55:13 2026 +0200 avformat/rtpdec_jpeg: check qtable_len Fixes: out of array access Fixes: 605/pc.py Based-on patch by depthfirst *Reporter: Zhenpeng (Leo) Lin at depthfirst* (cherry picked from commit 91d29be49a5b0f19dc888ec2d60f6776387d15b8) Signed-off-by: Michael Niedermayer <[email protected]> --- libavformat/rtpdec_jpeg.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libavformat/rtpdec_jpeg.c b/libavformat/rtpdec_jpeg.c index b32d074136..bc01a5d772 100644 --- a/libavformat/rtpdec_jpeg.c +++ b/libavformat/rtpdec_jpeg.c @@ -274,6 +274,12 @@ static int jpeg_parse_packet(AVFormatContext *ctx, PayloadContext *jpeg, av_log(ctx, AV_LOG_WARNING, "Only 8-bit precision is supported.\n"); if (qtable_len > 0) { + if (qtable_len != 128) { + av_log(ctx, AV_LOG_ERROR, "Invalid RTP/JPEG packet. Invalid qtable length %d.\n", qtable_len); + if (qtable_len%64 || qtable_len > 4*64) + return AVERROR_INVALIDDATA; + } + if (len < qtable_len) { av_log(ctx, AV_LOG_ERROR, "Too short RTP/JPEG packet.\n"); return AVERROR_INVALIDDATA; _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
