j2kdec: Check for interger overflow in tile array allocation

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: Michael Niedermayer <michaelni@gmx.at> 2011-12-24 05:03:04 +0100
committer: Michael Niedermayer <michaelni@gmx.at> 2011-12-24 18:42:55 +0100
commit: 3132999fdb57d8d3ba5e08a4dc1b3661e885c04d (patch)
tree: 00773e0aa936a03c3721e8514207ac3d2e4cf0e5
parent: 628c9dcca3fb3f46f960f0df8236591653c6e512 (diff)
download: ffmpeg-3132999fdb57d8d3ba5e08a4dc1b3661e885c04d.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/libavcodec/j2kdec.c b/libavcodec/j2kdec.c
index a8c0c52c25..c8dabc0bde 100644
--- a/libavcodec/j2kdec.c
+++ b/libavcodec/j2kdec.c
@@ -238,6 +238,9 @@ static int get_siz(J2kDecoderContext *s)
     s->numXtiles = ff_j2k_ceildiv(s->width - s->tile_offset_x, s->tile_width);
     s->numYtiles = ff_j2k_ceildiv(s->height - s->tile_offset_y, s->tile_height);
 
+    if(s->numXtiles * (uint64_t)s->numYtiles > INT_MAX/sizeof(J2kTile))
+        return AVERROR(EINVAL);
+
     s->tile = av_mallocz(s->numXtiles * s->numYtiles * sizeof(J2kTile));
     if (!s->tile)
         return AVERROR(ENOMEM);
author	Michael Niedermayer <michaelni@gmx.at>	2011-12-24 05:03:04 +0100
committer	Michael Niedermayer <michaelni@gmx.at>	2011-12-24 18:42:55 +0100
commit	3132999fdb57d8d3ba5e08a4dc1b3661e885c04d (patch)
tree	00773e0aa936a03c3721e8514207ac3d2e4cf0e5
parent	628c9dcca3fb3f46f960f0df8236591653c6e512 (diff)
download	ffmpeg-3132999fdb57d8d3ba5e08a4dc1b3661e885c04d.tar.gz