mjpeg: Validate sampling factors
authorLuca Barbato <lu_zero@gentoo.org>
Mon, 13 May 2013 17:32:04 +0000 (19:32 +0200)
committerLuca Barbato <lu_zero@gentoo.org>
Mon, 20 May 2013 20:02:05 +0000 (22:02 +0200)
They must be non-zero.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
libavcodec/mjpegdec.c

index ef46c5f..83b40d9 100644 (file)
@@ -265,6 +265,13 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s)
         s->quant_index[i] = get_bits(&s->gb, 8);
         if (s->quant_index[i] >= 4)
             return AVERROR_INVALIDDATA;
+        if (!s->h_count[i] || !s->v_count[i]) {
+            av_log(s->avctx, AV_LOG_ERROR,
+                   "Invalid sampling factor in component %d %d:%d\n",
+                   i, s->h_count[i], s->v_count[i]);
+            return AVERROR_INVALIDDATA;
+        }
+
         av_log(s->avctx, AV_LOG_DEBUG, "component %d %d:%d id: %d quant:%d\n",
                i, s->h_count[i], s->v_count[i],
                s->component_id[i], s->quant_index[i]);
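Review bot: The added guard on `s->h_count[i]` / `s->v_count[i]` rejects only zero and carries no comment saying why, so a later reader cannot tell which invariant the rest of the decoder relies on. The factors are assigned above this hunk and presumably feed later divisions or plane-size calculations (not visible here), which is why a zero from a crafted SOF header has to stop at this point. A one-line comment such as `/* JPEG sampling factors Hi/Vi must be 1..4 (ITU-T T.81 B.2.2); zero is never valid */` would record that. It is also worth confirming whether values above 4 are handled safely downstream, and if not extending the test to `if (!s->h_count[i] || !s->v_count[i] || s->h_count[i] > 4 || s->v_count[i] > 4)`. The enclosing loop and `ff_mjpeg_decode_sof` start and end outside the hunk.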