mjpegdec: consider chroma subsampling in size check n2.5.9
authorAndreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Wed, 2 Dec 2015 20:52:23 +0000 (21:52 +0100)
committerMichael Niedermayer <michael@niedermayer.cc>
Mon, 7 Dec 2015 00:34:15 +0000 (01:34 +0100)
commitd52b5f85f2837b0de9bdefe2a650d8d1b0e02ec1
treef619a8118943cdb4964574b3532bf4cf740ecc79
parentffe40ef9b4942b4be4e82f1cb31f2b41ab2c1685
mjpegdec: consider chroma subsampling in size check

If the chroma components are subsampled, smaller buffers are allocated
for them. In that case the maximal block_offset for the chroma
components is not as large as for the luma component.

This fixes out of bounds writes causing segmentation faults or memory
corruption.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 5adb5d9d894aa495e7bf9557b4c78350cbfc9d32)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/mjpegdec.c