[FFmpeg-devel] [PATCH] avcodec/mjpegdec: check that component index is positive

[FFmpeg-devel] [PATCH] avcodec/mjpegdec: check that component index is positive

[Paul B Mahol]

[-- Attachment #1: Type: text/plain, Size: 15 bytes --]

Patch attached

[-- Attachment #2: 0001-avcodec-mjpegdec-check-that-index-is-not-negative.patch --]
[-- Type: text/x-patch, Size: 1345 bytes --]

From 0a28ae573654d05ef56cafbb169674b1829f0c6f Mon Sep 17 00:00:00 2001
From: Paul B Mahol <onemda@gmail.com>
Date: Sun, 25 Sep 2022 19:17:25 +0200
Subject: [PATCH] avcodec/mjpegdec: check that index is not negative

Signed-off-by: Paul B Mahol <onemda@gmail.com>
---
 libavcodec/mjpegdec.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index c594950500..57c7c1c80d 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -374,6 +374,8 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s)
     for (i = 0; i < nb_components; i++) {
         /* component id */
         s->component_id[i] = get_bits(&s->gb, 8) - 1;
+        if (s->component_id[i] < 0)
+            return AVERROR_INVALIDDATA;
         h_count[i]         = get_bits(&s->gb, 4);
         v_count[i]         = get_bits(&s->gb, 4);
         /* compute hmax and vmax (only used in interleaved case) */
@@ -1678,6 +1680,8 @@ int ff_mjpeg_decode_sos(MJpegDecodeContext *s, const uint8_t *mb_bitmask,
     }
     for (i = 0; i < nb_components; i++) {
         id = get_bits(&s->gb, 8) - 1;
+        if (id < 0)
+            return AVERROR_INVALIDDATA;
         av_log(s->avctx, AV_LOG_DEBUG, "component: %d\n", id);
         /* find component index */
         for (index = 0; index < s->nb_components; index++)
-- 
2.37.2


[-- Attachment #3: Type: text/plain, Size: 251 bytes --]

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH] avcodec/mjpegdec: check that component index is positive

[Anton Khirnov]

Quoting Paul B Mahol (2022-09-25 19:16:43)
> Patch attached
> 
> From 0a28ae573654d05ef56cafbb169674b1829f0c6f Mon Sep 17 00:00:00 2001
> From: Paul B Mahol <onemda@gmail.com>
> Date: Sun, 25 Sep 2022 19:17:25 +0200
> Subject: [PATCH] avcodec/mjpegdec: check that index is not negative
> 
> Signed-off-by: Paul B Mahol <onemda@gmail.com>
> ---
>  libavcodec/mjpegdec.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
> index c594950500..57c7c1c80d 100644
> --- a/libavcodec/mjpegdec.c
> +++ b/libavcodec/mjpegdec.c
> @@ -374,6 +374,8 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s)
>      for (i = 0; i < nb_components; i++) {
>          /* component id */
>          s->component_id[i] = get_bits(&s->gb, 8) - 1;
> +        if (s->component_id[i] < 0)

It's generally safer to not leave invalid values lying around, so better
to first check and only then write into the context.

-- 
Anton Khirnov
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".