X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=libavformat%2Fjvdec.c;h=03ac43d10e30b7c75f80955164dc8f833f4c9759;hb=587e3c3426be5f3a457c0c6542e70014e7f58402;hp=69ac8f27fd398776a23ef2379d19ed3d11f73939;hpb=7431923da8b75835dcabdebc8dcc8c8e28b60a87;p=ffmpeg diff --git a/libavformat/jvdec.c b/libavformat/jvdec.c index 69ac8f27fd3..03ac43d10e3 100644 --- a/libavformat/jvdec.c +++ b/libavformat/jvdec.c @@ -59,6 +59,15 @@ static int read_probe(AVProbeData *pd) return 0; } +static int read_close(AVFormatContext *s) +{ + JVDemuxContext *jv = s->priv_data; + + av_freep(&jv->frames); + + return 0; +} + static int read_header(AVFormatContext *s) { JVDemuxContext *jv = s->priv_data; @@ -119,10 +128,23 @@ static int read_header(AVFormatContext *s) jvf->audio_size = avio_rl32(pb); jvf->video_size = avio_rl32(pb); jvf->palette_size = avio_r8(pb) ? 768 : 0; - jvf->video_size = FFMIN(FFMAX(jvf->video_size, 0), - INT_MAX - JV_PREAMBLE_SIZE - jvf->palette_size); + + if ((jvf->video_size | jvf->audio_size) & ~0xFFFFFF || + e->size - jvf->audio_size + - jvf->video_size + - jvf->palette_size < 0) { + if (s->error_recognition & AV_EF_EXPLODE) { + read_close(s); + return AVERROR_INVALIDDATA; + } + jvf->audio_size = + jvf->video_size = + jvf->palette_size = 0; + } + if (avio_r8(pb)) av_log(s, AV_LOG_WARNING, "unsupported audio codec\n"); + jvf->video_type = avio_r8(pb); avio_skip(pb, 1); @@ -184,6 +206,9 @@ static int read_packet(AVFormatContext *s, AVPacket *pkt) } } + if (s->pb->eof_reached) + return AVERROR_EOF; + return AVERROR(EIO); } @@ -218,15 +243,6 @@ static int read_seek(AVFormatContext *s, int stream_index, return 0; } -static int read_close(AVFormatContext *s) -{ - JVDemuxContext *jv = s->priv_data; - - av_freep(&jv->frames); - - return 0; -} - AVInputFormat ff_jv_demuxer = { .name = "jv", .long_name = NULL_IF_CONFIG_SMALL("Bitmap Brothers JV"),