From 9c1812491f7be2730351969f4abd9b99d300d604 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Sun, 28 May 2017 13:52:13 +0200
Subject: [PATCH] avcodec/jpeg2000dec: Check tile offsets more completely

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/jpeg2000dec.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c
index db4bb50a03..69979e0e62 100644
--- a/libavcodec/jpeg2000dec.c
+++ b/libavcodec/jpeg2000dec.c
@@ -300,7 +300,10 @@ static int get_siz(Jpeg2000DecoderContext *s)
 
     if (s->tile_offset_x < 0 || s->tile_offset_y < 0 ||
         s->image_offset_x < s->tile_offset_x ||
-        s->image_offset_y < s->tile_offset_y) {
+        s->image_offset_y < s->tile_offset_y ||
+        s->tile_width  + (int64_t)s->tile_offset_x <= s->image_offset_x ||
+        s->tile_height + (int64_t)s->tile_offset_y <= s->image_offset_y
+    ) {
         av_log(s->avctx, AV_LOG_ERROR, "Tile offsets are invalid\n");
         return AVERROR_INVALIDDATA;
     }