]> git.sesse.net Git - ffmpeg/blobdiff - libavformat/rtpenc_jpeg.c
projects / ffmpeg / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
avformat/riffde: Fix integer overflow in bitrate
[ffmpeg] / libavformat / rtpenc_jpeg.c
diff --git a/libavformat/rtpenc_jpeg.c b/libavformat/rtpenc_jpeg.c
index 7ee26c435e7d2667aa21c3b080af37390f980305..13d61a97aae7dd5bec7623a0a8a64d54fbb138c1 100644 (file)
--- a/libavformat/rtpenc_jpeg.c
+++ b/libavformat/rtpenc_jpeg.c
@@ -21,6 +21,7 @@
 
 #include "libavcodec/bytestream.h"
 #include "libavcodec/mjpeg.h"
+#include "libavcodec/jpegtables.h"
 #include "libavutil/intreadwrite.h"
 #include "rtpenc.h"
 
@@ -63,7 +64,7 @@ void ff_rtp_send_jpeg(AVFormatContext *s1, const uint8_t *buf, int size)
             continue;
 
         if (buf[i + 1] == DQT) {
-            if (buf[i + 4])
+            if (buf[i + 4] & 0xF0)
                 av_log(s1, AV_LOG_WARNING,
                        "Only 8-bit precision is supported.\n");
 
@@ -81,6 +82,25 @@ void ff_rtp_send_jpeg(AVFormatContext *s1, const uint8_t *buf, int size)
                        "Only 1x1 chroma blocks are supported. Aborted!\n");
                 return;
             }
+        } else if (buf[i + 1] == DHT) {
+            if (   AV_RB16(&buf[i + 2]) < 418
+                || i + 420 >= size
+                || buf[i +   4] != 0x00
+                || buf[i +  33] != 0x01
+                || buf[i +  62] != 0x10
+                || buf[i + 241] != 0x11
+                || memcmp(buf + i +   5, avpriv_mjpeg_bits_dc_luminance   + 1, 16)
+                || memcmp(buf + i +  21, avpriv_mjpeg_val_dc, 12)
+                || memcmp(buf + i +  34, avpriv_mjpeg_bits_dc_chrominance + 1, 16)
+                || memcmp(buf + i +  50, avpriv_mjpeg_val_dc, 12)
+                || memcmp(buf + i +  63, avpriv_mjpeg_bits_ac_luminance   + 1, 16)
+                || memcmp(buf + i +  79, avpriv_mjpeg_val_ac_luminance, 162)
+                || memcmp(buf + i + 242, avpriv_mjpeg_bits_ac_chrominance + 1, 16)
+                || memcmp(buf + i + 258, avpriv_mjpeg_val_ac_chrominance, 162)) {
+                av_log(s1, AV_LOG_ERROR,
+                       "RFC 2435 requires standard Huffman tables for jpeg\n");
+                return;
+            }
         } else if (buf[i + 1] == SOS) {
             /* SOS is last marker in the header */
             i += AV_RB16(&buf[i + 2]) + 2;
Unnamed repository; edit this file 'description' to name the repository.