mjpegdec: consider chroma subsampling in size check
author Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Wed, 2 Dec 2015 20:52:23 +0000 (21:52 +0100)
committer Michael Niedermayer <michael@niedermayer.cc>
Mon, 7 Dec 2015 00:34:13 +0000 (01:34 +0100)
commit 2e54b8c379bad54599f82d63de26af7c934ccff6
tree ac92a4e4102e7271a1e0a1d1cc2a0160f6944042
parent 913c642c21dd608cc53ea2482e9b4d3141bcd542
mjpegdec: consider chroma subsampling in size check

If the chroma components are subsampled, smaller buffers are allocated
for them. In that case the maximal block_offset for the chroma
components is not as large as for the luma component.

This fixes out of bounds writes causing segmentation faults or memory
corruption.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 5adb5d9d894aa495e7bf9557b4c78350cbfc9d32)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/mjpegdec.c
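
The reasoning in the commit message, as an added example that is not FFmpeg's code and not part of this commit: a simplified C model in which each component has its own plane, showing that a block position accepted against the luma dimensions lies past the end of a 4:2:0 chroma plane, while a per-component check rejects it. The Picture struct, the helper names and the 64x64 sample are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model (not FFmpeg's structures): one plane per component,
 * chroma planes reduced by the subsampling shifts. */
typedef struct {
    int width, height;      /* luma dimensions in pixels */
    int h_shift, v_shift;   /* log2 chroma subsampling, 1/1 for 4:2:0 */
    int linesize[3];        /* bytes per row of each allocated plane */
} Picture;

/* Constructed sample: 64x64 picture, 4:2:0, 8-bit samples. */
static const Picture SAMPLE_420 = { 64, 64, 1, 1, { 64, 32, 32 } };

/* Width and height of the plane allocated for component c (0 = luma). */
static int plane_w(const Picture *p, int c) {
    return c ? (p->width + (1 << p->h_shift) - 1) >> p->h_shift : p->width;
}
static int plane_h(const Picture *p, int c) {
    return c ? (p->height + (1 << p->v_shift) - 1) >> p->v_shift : p->height;
}

/* Size check that compares every component against the luma dimensions. */
static int fits_luma_only(const Picture *p, int c, int bx, int by) {
    (void)c;
    return bx >= 0 && by >= 0 && bx * 8 + 8 <= p->width && by * 8 + 8 <= p->height;
}

/* Size check against the plane actually allocated for component c. */
static int fits_component(const Picture *p, int c, int bx, int by) {
    return bx >= 0 && by >= 0 && bx * 8 + 8 <= plane_w(p, c) && by * 8 + 8 <= plane_h(p, c);
}

/* Offset of the last byte an 8x8 block write would touch in plane c. */
static size_t block_last_byte(const Picture *p, int c, int bx, int by) {
    return (size_t)(by * 8 + 7) * (size_t)p->linesize[c] + (size_t)(bx * 8 + 7);
}

static size_t plane_size(const Picture *p, int c) {
    return (size_t)p->linesize[c] * (size_t)plane_h(p, c);
}

int main(void) {
    const Picture *p = &SAMPLE_420;
    printf("chroma block (7,7): luma-only=%d per-component=%d last=%zu size=%zu\n",
           fits_luma_only(p, 1, 7, 7), fits_component(p, 1, 7, 7),
           block_last_byte(p, 1, 7, 7), plane_size(p, 1));
    return 0;
}
```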