From: Michael Niedermayer <[email protected]> Prevent additional integer overflows.
Signed-off-by: Luca Barbato <[email protected]> --- libavcodec/jpeg2000dec.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c index 815ae3e..154fad8 100644 --- a/libavcodec/jpeg2000dec.c +++ b/libavcodec/jpeg2000dec.c @@ -650,10 +650,16 @@ static int jpeg2000_decode_packet(Jpeg2000DecoderContext *s, else if (incl < 0) return incl; - if (!cblk->npasses) - cblk->nonzerobits = expn[bandno] + numgbits - 1 - - tag_tree_decode(s, prec->zerobits + cblkno, - 100); + if (!cblk->npasses) { + int v = expn[bandno] + numgbits - 1 - + tag_tree_decode(s, prec->zerobits + cblkno, 100); + if (v < 0) { + av_log(s->avctx, AV_LOG_ERROR, + "nonzerobits %d invalid\n", v); + return AVERROR_INVALIDDATA; + } + cblk->nonzerobits = v; + } if ((newpasses = getnpasses(s)) < 0) return newpasses; if ((llen = getlblockinc(s)) < 0) @@ -929,10 +935,6 @@ static int decode_cblk(Jpeg2000DecoderContext *s, Jpeg2000CodingStyle *codsty, ff_mqc_initdec(&t1->mqc, cblk->data); while (passno--) { - if (bpno < 0) { - av_log(s->avctx, AV_LOG_ERROR, "bpno invalid\n"); - return AVERROR(EINVAL); - } switch(pass_t) { case 0: decode_sigpass(t1, width, height, bpno + 1, bandpos, -- 1.8.2.1 _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
