From: Michael Niedermayer <[email protected]> Make sure once we support more than a tile we do not access over the allocated buffer.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Luca Barbato <[email protected]> --- libavcodec/jpeg2000dec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c index 398e6a0..cb2b3f0 100644 --- a/libavcodec/jpeg2000dec.c +++ b/libavcodec/jpeg2000dec.c @@ -438,6 +438,9 @@ static int get_sot(Jpeg2000DecoderContext *s, int n) return AVERROR_INVALIDDATA; Isot = bytestream2_get_be16u(&s->g); // Isot + if (Isot >= s->numXtiles * s->numYtiles) { + return AVERROR_INVALIDDATA; + } if (Isot) { avpriv_request_sample(s->avctx, "Support for more than one tile"); return AVERROR_PATCHWELCOME; -- 1.8.2.1 _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
