mjpegdec: consider chroma subsampling in size check
authorAndreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Wed, 2 Dec 2015 20:52:23 +0000 (21:52 +0100)
committerAndreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Sun, 6 Dec 2015 21:40:41 +0000 (22:40 +0100)
commit5adb5d9d894aa495e7bf9557b4c78350cbfc9d32
treeede3dcf04a9ac33336c27be7fa673ba62a8f2bf0
parenta0a39acd01ea3a98274cd10fef318a35853ff8cd
mjpegdec: consider chroma subsampling in size check

If the chroma components are subsampled, smaller buffers are allocated
for them. In that case the maximal block_offset for the chroma
components is not as large as for the luma component.

This fixes out of bounds writes causing segmentation faults or memory
corruption.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
libavcodec/mjpegdec.c