From: Michael Niedermayer <[email protected]> Fixes potential integer overflow
Signed-off-by: Michael Niedermayer <[email protected]>
---
 libavcodec/jpeg2000dec.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c
index 45396d0..a8dae3e 100644
--- a/libavcodec/jpeg2000dec.c
+++ b/libavcodec/jpeg2000dec.c
@@ -192,6 +192,9 @@ static int get_siz(Jpeg2000DecoderContext *s)
 s->numXtiles = ff_jpeg2000_ceildiv(s->width - s->tile_offset_x, s->tile_width);
 s->numYtiles = ff_jpeg2000_ceildiv(s->height - s->tile_offset_y, s->tile_height);
 
+ if(s->numXtiles * (uint64_t)s->numYtiles > INT_MAX/sizeof(Jpeg2000Tile))
+ return AVERROR(EINVAL);
+
 s->tile = av_mallocz(s->numXtiles * s->numYtiles * sizeof(*s->tile));
 if (!s->tile)
 return AVERROR(ENOMEM);
-- 
1.7.9.5
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel
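Review bot: The new early return in get_siz() leaves `s->numXtiles` and `s->numYtiles` holding the rejected values while `s->tile` is never allocated. If any cleanup or later marker handling outside this hunk walks the tile array by those counts, it would index a NULL or stale pointer, so resetting them first is safer: `s->numXtiles = s->numYtiles = 0;` ahead of `return AVERROR(EINVAL);`. The guard also sizes with `sizeof(Jpeg2000Tile)` while the allocation uses `sizeof(*s->tile)`; writing `sizeof(*s->tile)` in both keeps the bound tied to what is actually allocated. If the tile counts are signed (their declarations are not visible here), a zero count or two negative counts from a crafted SIZ segment still pass this comparison and deserve an explicit `<= 0` check. get_siz's body starts and ends outside the hunk.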
