From patchwork Sun Sep 25 17:16:43 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paul B Mahol X-Patchwork-Id: 38313 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a20:3b1c:b0:96:9ee8:5cfd with SMTP id c28csp1786438pzh; Sun, 25 Sep 2022 10:16:55 -0700 (PDT) X-Google-Smtp-Source: AMsMyM6smS5NEHZWIhLViJS3pOGjyBXia83yzqBS3bCp9nhuNjnICcybeJNqBKYE3rtUlTNBNtiG X-Received: by 2002:a17:907:9617:b0:783:3fe1:e3d9 with SMTP id gb23-20020a170907961700b007833fe1e3d9mr3461437ejc.516.1664126214850; Sun, 25 Sep 2022 10:16:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1664126214; cv=none; d=google.com; s=arc-20160816; b=v0CLqtBq6kH3CbqCnNLe1UvjQND++Hi2rONyCqqddjE9arnPpjGtdxWcVNDlT0KQgY P06e9G8bHiDrYTfQ8QfYPGSsB6KeTu23h8euvZHVGWSSHU104e2qEez7i+V0BmqGEDwg 9OyWzsub+pvul/t8eNf0TdL50oOjeP2lYM0FtvcJ4R5JQ0IrNWR43eHMSxVvZhgmtE7Z w1LaY+q+KEmmsKYMuJxVreHb5bal7V96MV0kuBLOUdEPSN1v3DQV2hDoVR9IPh94oDfB aFD0Gc70kc2rffnp43CX9QdZYOu5hcGhNgtXPGxYWX//blV4eosUuP1lO4fgjjpE2y6p B6Fg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:reply-to:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence:subject:to :message-id:date:from:mime-version:dkim-signature:delivered-to; bh=6/982SeBeNH/Gd6HyhbPvrQpD7l+Fjg0EH/BvgFd2Vs=; b=E+pdFjCqyCq9C+IuO1efbrT99epDG4o0NwAcihRRoKxR5CWmWTC4m3YN+llabPNHmX B0hjNqDt0/6Q4a3WNRvw8qlqpJ67D95iNnKoUUUR1NqlxNlnMq3cLZlup22FQMgVIQBM xh1gp9Nerru5ZVP6CDhJvuyff82al4aIuCwYADyc9Tl42Uo7MZdjD/axAx05kmOey5Qi pOsToDvDkFP+NU0rqL/cc+BK8iOU8BfCs5oW9RzmpvX8Evj213SfoZmUSYjPYHlw2jKZ vt6D75fSXUvEHtbxCiPBMEM4mfs39YjXQv9iD3d9WFXvacw/0JaDW45CG7OjlG2yiz6k GsYA== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b="ADTw/vUf"; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id t17-20020a170906269100b00781ea213f99si11239873ejc.173.2022.09.25.10.16.54; Sun, 25 Sep 2022 10:16:54 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b="ADTw/vUf"; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id E474568BA76; Sun, 25 Sep 2022 20:16:51 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-yb1-f170.google.com (mail-yb1-f170.google.com [209.85.219.170]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id B730868B96F for ; Sun, 25 Sep 2022 20:16:45 +0300 (EEST) Received: by mail-yb1-f170.google.com with SMTP id s14so5760871ybe.7 for ; Sun, 25 Sep 2022 10:16:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date; bh=Ns05TeM6rMqNV3T21E8tY+vVl5xHidouTS1M4yEUwtE=; b=ADTw/vUffKaNky95sDLeCGioLXyDUf8HYj3F5pgU+XLnIRdPvqDZVHPv3OO7Q/sSsd p6f9WVcgX3BGNRY3Oz+pooL72IFJuSfle74WZeqFdP0KvB5RG4l85iZAn75Pw5peZsg5 m0rSWp1R7qcHu0OGQbQ54j2gkmj7lXZ54Uvmyrk4b4sijOPc4hjeJWcIl8M9Iefs5wn7 mehU8ihqrof9Y25qtn5fYyJ56WqrwvGV6b1t1MEVhczOtLJH6LEkgR6kwu1OQnJNHGwq 7lmS6ZjxrRz/p0gp9ucQcMwwxHJVUj6414Sk/af+Mus4PZV5AwqKbN7Hj9uiDUf2So2W 9DFA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date; bh=Ns05TeM6rMqNV3T21E8tY+vVl5xHidouTS1M4yEUwtE=; b=Ezx7DAxtGU2UYITVSA+4wh9JQ6hiMP4f3nzJf7X00z4JDd568v+VYfiDCvpxzYswKR KKlL1WOTJ+GMA1Ar0PnEl/9qCjByaAfVxdi5eqByjSgQUvWkANNsix4tL+TXT+VOGWKV D/nqz+cMXGEFTr0Z/GU22jZcQRRepp1iSRGeV9ReGqDbYD4tBI8RZ3iutEcf58SpNiOG 2Kp6CaFKpWz7KIjIN8lt/NrlRo40rcA7oI10uVBm84NozFR1r5cfIFqB6tYdESYYfeg3 nJGZplljwa2bqVtDx19SSafeLThV7bOHAjNt6O2G7TCJyHirdYCCWJK7Sv8fN/uWOeJ2 jRfQ== X-Gm-Message-State: ACrzQf31r1ZO+Ac7rgGmTiMareclbcxJgwx80a/K45ALhPOhPPAnY/Uz 0/ZWMvLDWOIA8IpIR5oCybKAMX4Bfs6PzHldX7TQLmPi X-Received: by 2002:a25:c04f:0:b0:6ae:96ac:ac2d with SMTP id c76-20020a25c04f000000b006ae96acac2dmr17285680ybf.227.1664126204238; Sun, 25 Sep 2022 10:16:44 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a81:7402:0:0:0:0:0 with HTTP; Sun, 25 Sep 2022 10:16:43 -0700 (PDT) From: Paul B Mahol Date: Sun, 25 Sep 2022 19:16:43 +0200 Message-ID: To: FFmpeg development discussions and patches Subject: [FFmpeg-devel] [PATCH] avcodec/mjpegdec: check that component index is positive X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: 3K1JNRuSR+TQ Patch attached From 0a28ae573654d05ef56cafbb169674b1829f0c6f Mon Sep 17 00:00:00 2001 From: Paul B Mahol Date: Sun, 25 Sep 2022 19:17:25 +0200 Subject: [PATCH] avcodec/mjpegdec: check that index is not negative Signed-off-by: Paul B Mahol --- libavcodec/mjpegdec.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index c594950500..57c7c1c80d 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -374,6 +374,8 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s) for (i = 0; i < nb_components; i++) { /* component id */ s->component_id[i] = get_bits(&s->gb, 8) - 1; + if (s->component_id[i] < 0) + return AVERROR_INVALIDDATA; h_count[i] = get_bits(&s->gb, 4); v_count[i] = get_bits(&s->gb, 4); /* compute hmax and vmax (only used in interleaved case) */ @@ -1678,6 +1680,8 @@ int ff_mjpeg_decode_sos(MJpegDecodeContext *s, const uint8_t *mb_bitmask, } for (i = 0; i < nb_components; i++) { id = get_bits(&s->gb, 8) - 1; + if (id < 0) + return AVERROR_INVALIDDATA; av_log(s->avctx, AV_LOG_DEBUG, "component: %d\n", id); /* find component index */ for (index = 0; index < s->nb_components; index++) -- 2.37.2