diff mbox series

[FFmpeg-devel] avcodec/mjpegdec: check that component index is positive

Message ID CAPYw7P70OotnaF1cdwJ8B9pBCB7SDrSeQp_dj2AA2LKUhfSvfA@mail.gmail.com
State New
Headers show
Series [FFmpeg-devel] avcodec/mjpegdec: check that component index is positive | expand

Checks

Context Check Description
andriy/make_x86 success Make finished
andriy/make_fate_x86 fail Make fate failed

Commit Message

Paul B Mahol Sept. 25, 2022, 5:16 p.m. UTC 
Patch attached

Comments

Anton Khirnov Sept. 26, 2022, 8:30 a.m. UTC | #1 
Quoting Paul B Mahol (2022-09-25 19:16:43)
> Patch attached
> 
> From 0a28ae573654d05ef56cafbb169674b1829f0c6f Mon Sep 17 00:00:00 2001
> From: Paul B Mahol <onemda@gmail.com>
> Date: Sun, 25 Sep 2022 19:17:25 +0200
> Subject: [PATCH] avcodec/mjpegdec: check that index is not negative
> 
> Signed-off-by: Paul B Mahol <onemda@gmail.com>
> ---
>  libavcodec/mjpegdec.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
> index c594950500..57c7c1c80d 100644
> --- a/libavcodec/mjpegdec.c
> +++ b/libavcodec/mjpegdec.c
> @@ -374,6 +374,8 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s)
>      for (i = 0; i < nb_components; i++) {
>          /* component id */
>          s->component_id[i] = get_bits(&s->gb, 8) - 1;
> +        if (s->component_id[i] < 0)

It's generally safer to not leave invalid values lying around, so better
to first check and only then write into the context.
diff mbox series

Patch

From 0a28ae573654d05ef56cafbb169674b1829f0c6f Mon Sep 17 00:00:00 2001
From: Paul B Mahol <onemda@gmail.com>
Date: Sun, 25 Sep 2022 19:17:25 +0200
Subject: [PATCH] avcodec/mjpegdec: check that index is not negative

Signed-off-by: Paul B Mahol <onemda@gmail.com>
---
 libavcodec/mjpegdec.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index c594950500..57c7c1c80d 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -374,6 +374,8 @@  int ff_mjpeg_decode_sof(MJpegDecodeContext *s)
     for (i = 0; i < nb_components; i++) {
         /* component id */
         s->component_id[i] = get_bits(&s->gb, 8) - 1;
+        if (s->component_id[i] < 0)
+            return AVERROR_INVALIDDATA;
         h_count[i]         = get_bits(&s->gb, 4);
         v_count[i]         = get_bits(&s->gb, 4);
         /* compute hmax and vmax (only used in interleaved case) */
@@ -1678,6 +1680,8 @@  int ff_mjpeg_decode_sos(MJpegDecodeContext *s, const uint8_t *mb_bitmask,
     }
     for (i = 0; i < nb_components; i++) {
         id = get_bits(&s->gb, 8) - 1;
+        if (id < 0)
+            return AVERROR_INVALIDDATA;
         av_log(s->avctx, AV_LOG_DEBUG, "component: %d\n", id);
         /* find component index */
         for (index = 0; index < s->nb_components; index++)
-- 
2.37.2