mirrors/gstreamer
mirrors/gstreamer
1
1
Fork 0
mirror of https://gitlab.freedesktop.org/gstreamer/gstreamer.git synced 2024-12-19 14:56:36 +00:00
Code Issues 1 Projects Releases Wiki Activity

jpegdec: check buffer size before dereferencing. Fixes #541

Browse source 
Some cameras (Panacast) have buggy drivers/firmware which send
invalid JPEG frames, containing no data, which makes jpegdec
crash because it assumes the frame is at least 2 bytes long.

Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/merge_requests/723>
This commit is contained in:
Jérôme Laheurte 2020-09-10 11:24:32 +02:00 committed by GStreamer Merge Bot
parent 953ceba80d
commit 44d4eaab7c
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
ext/jpeg/gstjpegdec.c
View file

@ -1215,6 +1215,8 @@ gst_jpeg_dec_handle_frame (GstVideoDecoder * bdec, GstVideoCodecFrame * frame)
data = dec->current_frame_map.data; data = dec->current_frame_map.data;
nbytes = dec->current_frame_map.size; nbytes = dec->current_frame_map.size;
if (nbytes < 2)
goto need_more_data;
has_eoi = ((data[nbytes - 2] == 0xff) && (data[nbytes - 1] == 0xd9)); has_eoi = ((data[nbytes - 2] == 0xff) && (data[nbytes - 1] == 0xd9));
/* some cameras fail to send an end-of-image marker (EOI), /* some cameras fail to send an end-of-image marker (EOI),