@@ -62,7 +62,7 @@ static int mjpega_dump_header(AVBSFContext *ctx, AVPacket *out)
bytestream_put_be32(&out_buf, in->size + 44U); /* pad field size */
bytestream_put_be32(&out_buf, 0); /* next ptr */
- for (i = 0; i < in->size - 1; i++) {
+ for (i = 0; i < in->size - 3; i++) {
if (in->data[i] == 0xff) {
switch (in->data[i + 1]) {
case DQT: dqt = i + 46U; break;
@@ -80,7 +80,7 @@ static int mjpega_dump_header(AVBSFContext *ctx, AVPacket *out)
av_packet_free(&in);
return 0;
case APP1:
- if (i + 8U < in->size && AV_RL32(in->data + i + 8) == AV_RL32("mjpg")) {
+ if (i + 12U <= in->size && AV_RL32(in->data + i + 8) == AV_RL32("mjpg")) {
av_log(ctx, AV_LOG_ERROR, "bitstream already formatted\n");
av_packet_unref(out);
av_packet_move_ref(out, in);
@@ -90,7 +90,7 @@ static int mjpega_dump_header(AVBSFContext *ctx, AVPacket *out)
}
}
}
- av_log(ctx, AV_LOG_ERROR, "could not find SOS marker in bitstream\n");
+ av_log(ctx, AV_LOG_ERROR, "No valid SOS marker in bitstream\n");
fail:
av_packet_unref(out);
av_packet_free(&in);
When encountering an SOS marker, the two bytes after this marker are read, too. So one needs to make sure that these two bytes are still part of the packet's data. And when one checks whether the input already is of the desired format, one has to make sure that the place where one searches the "mjpg" tag is actually contained in the given data. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> --- libavcodec/mjpega_dump_header_bsf.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)