From: Michael Niedermayer <[email protected]>

Fixes out of array reads
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <[email protected]> Conflicts: libavcodec/j2kdec.c --- libavcodec/jpeg2000dec.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c index 4ef0e8b..5620b5b 100644 --- a/libavcodec/jpeg2000dec.c +++ b/libavcodec/jpeg2000dec.c @@ -643,7 +643,9 @@ static int jpeg2000_decode_packet(Jpeg2000DecoderContext *s, nb_code_blocks = prec->nb_codeblocks_height * prec->nb_codeblocks_width; for (cblkno = 0; cblkno < nb_code_blocks; cblkno++) { Jpeg2000Cblk *cblk = prec->cblk + cblkno; - if (bytestream2_get_bytes_left(&s->g) < cblk->lengthinc) + if ( bytestream2_get_bytes_left(&s->g) < cblk->lengthinc + || sizeof(cblk->data) < cblk->lengthinc + ) return AVERROR(EINVAL); /* Code-block data can be empty. In that case initialize data * with 0xFFFF. */ -- 1.7.9.5 _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
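Review bot: In the added condition in jpeg2000_decode_packet(), `sizeof(cblk->data) < cblk->lengthinc` is only a valid bound while `data` is a fixed-size array member of Jpeg2000Cblk. If it is ever changed to a pointer, the expression still compiles and silently compares against the pointer size. A short comment next to the check, or a named capacity constant shared with the struct definition, would make that dependency explicit. The comparison also mixes a size_t with `cblk->lengthinc`, whose type is not visible in this hunk. If it is signed, a negative value is rejected only through implicit conversion to unsigned, so an explicit `cblk->lengthinc < 0` test would state the intent. The check bounds the increment alone: if the copy that follows this hunk appends at an offset into `cblk->data` rather than at its start, the bound needs to cover the accumulated length plus `lengthinc`. Finally, the commit message speaks of out of array reads while the new test limits the size against the destination buffer, so the message could say which access is being guarded.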
