Deny of Service caused by dividing zero without sanity check in jfif.c

rockcarry / ffjpeg

a simple jpeg codec.

GNU General Public License v3.0

106 stars 46 forks source link

Deny of Service caused by dividing zero without sanity check in jfif.c #13

Closed sleicasper closed 4 years ago

sleicasper commented 4 years ago

file: jfif.c function: jfif_decode line: 425

mcuw = sfh_max * 8;
mcuh = sfv_max * 8;
jw = ALIGN(jfif->width , mcuw);
jh = ALIGN(jfif->height, mcuh);
mcuc = jw / mcuw;                              <------- mcuw can be zero
mcur = jh / mcuh;
//-- calculate mcu info

sleicasper commented 4 years ago

poc.zip

rockcarry commented 4 years ago

a new commit push for this issue, please check and test again.

rockcarry commented 4 years ago

I test with latest code, issue can not be reproduced. close this issue.