xenia-project/FFmpeg
1
0
Fork 0
mirror of https://github.com/xenia-project/FFmpeg.git synced 2024-11-24 12:09:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

jpeg2000: Validate block lengthinc

Browse Source 
Currently we are using an array with a static data size.

Similar to a patch with the same purpose by Michael Niedermayer.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
This commit is contained in:
Luca Barbato 2013-07-01 10:01:05 +02:00
parent 278a923c51
commit 7e201d575d
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
libavcodec/jpeg2000dec.c
View File

@ -663,6 +663,12 @@ static int jpeg2000_decode_packet(Jpeg2000DecoderContext *s,
cblk->lblock += llen;
if ((ret = get_bits(s, av_log2(newpasses) + cblk->lblock)) < 0)
return ret;
if (ret > sizeof(cblk->data)) {
avpriv_request_sample(s->avctx,
"Block with lengthinc greater than %zu",
sizeof(cblk->data));
return AVERROR_PATCHWELCOME;
}
cblk->lengthinc = ret;
cblk->npasses += newpasses;
}