From 001f4c7dc63e90e719187cd7f961c8220721878f Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Mon, 13 Feb 2012 23:50:35 +0100
Subject: [PATCH] jpeglsdec: Prevent out of array write.
Signed-off-by: Michael Niedermayer
(cherry picked from commit 00ab9cdae1a96dfea33cd505076a83823f390aa4)
Signed-off-by: Michael Niedermayer
---
 libavcodec/jpeglsdec.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/libavcodec/jpeglsdec.c b/libavcodec/jpeglsdec.c
index 0139c8860f..74714e0521 100644
--- a/libavcodec/jpeglsdec.c
+++ b/libavcodec/jpeglsdec.c
@@ -198,6 +198,9 @@ static inline void ls_decode_line(JLSState *state, MJpegDecodeContext *s, void *
 r = ff_log2_run[state->run_index[comp]];
 if(r)
 r = get_bits_long(&s->gb, r);
+ if(x + r * stride > w) {
+ r = (w - x) / stride;
+ }
 for(i = 0; i < r; i++) {
 W(dst, x, Ra);
 x += stride;
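Review bot: The clamp added before the `for(i = 0; i < r; i++)` loop bounds the run itself, but after a clamped run `x` can land exactly on `w`, and nothing in the hunk stops decoding at that point. The rest of ls_decode_line is outside this hunk; if the code following the loop reads or writes a sample at `x` (as a run-termination step would), that access would still be one element past the line, so a guard such as `if (x >= w) return;` directly after the loop looks warranted. A run that had to be clamped also means the bitstream is damaged, and it would help to log that rather than silently shorten the run. A short comment above the check, e.g. `/* r comes from the bitstream: clamp the run to the remaining line width */`, would document why it is there.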