X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=libavcodec%2Fcbs_jpeg_syntax_template.c;h=6eda56d623c45e005ea0b9a22b6ca9c29374eb44;hb=e83717e63eab1f1b78dc0990e5b8e927097fca29;hp=d3cd9ff62e7e7025980cd6059b6f532d1466cd06;hpb=3e076faf3b86bb16f746e7c9b0cf3dac5f9a851a;p=ffmpeg

diff --git a/libavcodec/cbs_jpeg_syntax_template.c b/libavcodec/cbs_jpeg_syntax_template.c
index d3cd9ff62e7..6eda56d623c 100644
--- a/libavcodec/cbs_jpeg_syntax_template.c
+++ b/libavcodec/cbs_jpeg_syntax_template.c
@@ -89,6 +89,8 @@ static int FUNC(huffman_table)(CodedBitstreamContext *ctx, RWContext *rw,
     ij = 0;
     for (i = 0; i < 16; i++) {
         for (j = 0; j < current->L[i]; j++) {
+            if (ij >= 224)
+                return AVERROR_INVALIDDATA;
             us(8, V[ij], ij, 0, 255);
             ++ij;
         }
@@ -108,6 +110,9 @@ static int FUNC(dht)(CodedBitstreamContext *ctx, RWContext *rw,
 
     n = 2;
     for (i = 0; n < current->Lh; i++) {
+        if (i >= 8)
+            return AVERROR_INVALIDDATA;
+
         CHECK(FUNC(huffman_table)(ctx, rw, &current->table[i]));
 
         ++n;