From: Michael Niedermayer <[email protected]>
Avoid overread.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
---
libavcodec/jpeg2000dec.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c
index f6c1dde..c70dc62 100644
--- a/libavcodec/jpeg2000dec.c
+++ b/libavcodec/jpeg2000dec.c
@@ -661,7 +661,8 @@ static int jpeg2000_decode_packet(Jpeg2000DecoderContext *s,
nb_code_blocks = prec->nb_codeblocks_height *
prec->nb_codeblocks_width;
for (cblkno = 0; cblkno < nb_code_blocks; cblkno++) {
Jpeg2000Cblk *cblk = prec->cblk + cblkno;
- if (bytestream2_get_bytes_left(&s->g) < cblk->lengthinc)
+ if (bytestream2_get_bytes_left(&s->g) < cblk->lengthinc ||
+ cblk->lengthinc > sizeof(cblk->data))
return AVERROR_INVALIDDATA;
/* Code-block data can be empty. In that case initialize data
* with 0xFFFF. */
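Review bot: The added bound `cblk->lengthinc > sizeof(cblk->data)` is only correct while `data` is an array member of Jpeg2000Cblk; the struct is not visible here, and if `data` were a pointer the test would compare against the pointer size instead of the buffer size. The test also bounds a single increment only: if the copy that follows (outside this hunk) appends at an offset of `cblk->length`, the check would need to cover the sum, e.g. `cblk->length + cblk->lengthinc > sizeof(cblk->data)`. A short comment such as `/* lengthinc comes from the packet header; reject it before it is used as a copy length into cblk->data */` would record why the second condition exists. jpeg2000_decode_packet starts and ends outside the hunk.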
--
1.8.2.1