Merge commit '7e201d575dc4385eb67314b0419d4d77185e65f4'

* commit '7e201d575dc4385eb67314b0419d4d77185e65f4': jpeg2000: Validate block lengthinc Merged-by: Michael Niedermayer <michaelni@gmx.at>
author: Michael Niedermayer <michaelni@gmx.at> 2013-07-03 14:20:36 +0200
committer: Michael Niedermayer <michaelni@gmx.at> 2013-07-03 14:28:51 +0200
commit: db5c93a1a97d3b6919d70bce65d09dc53be708f8 (patch)
tree: 94abc042764c7a8ecc6c0586bb282b4f45f77a09
parent: f0358dc1d30cd4f4862489ab95c4d408b00a8b0d (diff)
parent: 7e201d575dc4385eb67314b0419d4d77185e65f4 (diff)
download: ffmpeg-db5c93a1a97d3b6919d70bce65d09dc53be708f8.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c
index e7e9a8b005..0e459c1f7c 100644
--- a/libavcodec/jpeg2000dec.c
+++ b/libavcodec/jpeg2000dec.c
@@ -674,6 +674,12 @@ static int jpeg2000_decode_packet(Jpeg2000DecoderContext *s,
             cblk->lblock += llen;
             if ((ret = get_bits(s, av_log2(newpasses) + cblk->lblock)) < 0)
                 return ret;
+            if (ret > sizeof(cblk->data)) {
+                avpriv_request_sample(s->avctx,
+                                      "Block with lengthinc greater than %zu",
+                                      sizeof(cblk->data));
+                return AVERROR_PATCHWELCOME;
+            }
             cblk->lengthinc = ret;
             cblk->npasses  += newpasses;
         }
author	Michael Niedermayer <michaelni@gmx.at>	2013-07-03 14:20:36 +0200
committer	Michael Niedermayer <michaelni@gmx.at>	2013-07-03 14:28:51 +0200
commit	db5c93a1a97d3b6919d70bce65d09dc53be708f8 (patch)
tree	94abc042764c7a8ecc6c0586bb282b4f45f77a09
parent	f0358dc1d30cd4f4862489ab95c4d408b00a8b0d (diff)
parent	7e201d575dc4385eb67314b0419d4d77185e65f4 (diff)
download	ffmpeg-db5c93a1a97d3b6919d70bce65d09dc53be708f8.tar.gz