avcodec/mjpegdec: Check escape sequence validity
author Michael Niedermayer <michaelni@gmx.at>
Wed, 4 Feb 2015 19:13:18 +0000 (20:13 +0100)
committer Michael Niedermayer <michaelni@gmx.at>
Tue, 17 Feb 2015 18:43:18 +0000 (19:43 +0100)
Fixes assertion failure
Fixes: asan_heap-oob_1c1a4ea_1242_cov_2274415971_TESTcmyk.jpg

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit afa92907f3c6a0c3bdad766ec8d938ee17ee1c9e)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
libavcodec/mjpegdec.c

index a867d06..8289cc5 100644 (file)
@@ -1835,6 +1835,10 @@ int ff_mjpeg_find_marker(MJpegDecodeContext *s,
             put_bits(&pb, 8, x);
             if (x == 0xFF) {
                 x = src[b++];
+                if (x & 0x80) {
+                    av_log(s->avctx, AV_LOG_WARNING, "Invalid escape sequence\n");
+                    x &= 0x7f;
+                }
                 put_bits(&pb, 7, x);
                 bit_count--;
             }
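Review bot: the added `if (x & 0x80)` block has no comment explaining why bit 7 must be clear here. The reason is only visible from the following `put_bits(&pb, 7, x)`, which writes 7 bits, so a byte after 0xFF with the top bit set does not fit in the requested width. A one-line comment stating that would keep the mask from looking arbitrary to a later reader. Two further points on the same block: `x &= 0x7f` lets decoding continue on data that has been altered from the input, so it is worth deciding whether a malformed escape should instead abort the scan with an error; and the `av_log` at AV_LOG_WARNING is emitted for every offending byte, so a file with many invalid escapes can produce a large volume of identical messages. Logging once per call, or at a lower level after the first hit, would avoid that.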