Module: libav Branch: release/0.8 Commit: a13ad11dc5cd0e93f830d6c9c6531542ca24e812
Author: Michael Niedermayer <[email protected]> Committer: Diego Biurrun <[email protected]> Date: Wed Feb 4 20:48:30 2015 +0100 mjpegdec: Check number of components for JPEG-LS Fixes out of array accesses. Fixes: asan_heap-oob_1c1a4ea_1242_cov_2274415971_TESTcmyk.jpg Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <[email protected]> Bug-Id: CVE-2015-1872 (cherry picked from commit fabbfaa095660982cc0bc63242c459561fa37037) Signed-off-by: Diego Biurrun <[email protected]> --- libavcodec/mjpegdec.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index a1a6789..0266bc1 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -359,9 +359,12 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s) return -1; } if (s->ls) { - if (s->nb_components > 1) + if (s->nb_components == 3) { s->avctx->pix_fmt = PIX_FMT_RGB24; - else if (s->bits <= 8) + } else if (s->nb_components != 1) { + av_log(s->avctx, AV_LOG_ERROR, "Unsupported number of components %d\n", s->nb_components); + return AVERROR_PATCHWELCOME; + } else if (s->bits <= 8) s->avctx->pix_fmt = PIX_FMT_GRAY8; else s->avctx->pix_fmt = PIX_FMT_GRAY16; _______________________________________________ libav-commits mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-commits
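Review bot: in the `if (s->ls)` block of ff_mjpeg_decode_sof(), the new `s->nb_components == 3` branch selects PIX_FMT_RGB24 without consulting `s->bits`, while the single-component path just below it distinguishes GRAY8 from GRAY16 with `s->bits <= 8`. The commit message says the fix is for out-of-array accesses caused by a component count the chosen pixel format did not match, so it is worth confirming that a 3-component JPEG-LS stream with more than 8 bits per sample cannot reach the decoder with an 8-bit RGB24 buffer; if that combination is not handled elsewhere, reject it here the same way as the unsupported component counts. Two smaller points: the new error path returns AVERROR_PATCHWELCOME while the check immediately above returns a bare -1, so callers must treat any negative value as failure, and the if/else chain now mixes braced and unbraced branches, with the av_log() line running well past the surrounding line length; bracing every branch and wrapping the format arguments would keep the chain readable.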
