diff options
| author | Michael Niedermayer <[email protected]> | 2012-01-12 22:19:34 +0100 |
|---|---|---|
| committer | Michael Niedermayer <[email protected]> | 2012-01-12 22:19:40 +0100 |
| commit | f9c9ee445f7cb46be1550fdf809626b997f814ac (patch) | |
| tree | 0048c563f1ee8b60fdc3cfd8611c4c550817e551 /libavcodec/j2kdec.c | |
| parent | c0cbf3af0188d06a11c74b3ab2402de1c248a76b (diff) | |
| parent | 8935e7474ada9f18e9c21ec3a0a1706040e7b3be (diff) | |
Merge branch 'release/0.8' into release/0.7
* release/0.8:
shorten: Fix invalid free()
j2kdec: Fix crash in get_qcx
j2kdec: Check curtileno for validity
atrac3: Fix crash in tonal component decoding. Fixes Ticket780 Bug Found by: cosminamironesei
h264: check chroma_format_idc range. Fixes Ticket758 Bug found by: Diana Elena Muscalu
aacsbr: Fix memory corruption. Fixes Ticket760 and Ticket761 Bug Found by: Diana Elena Muscalu
j2kdec: Fix integer overflow leading to a segfault Fixes Ticket776 Bug found by: Diana Elena Muscalu
ws_snd1: Fix wrong samples count and crash.
lavfi: add missing check in avfilter_filter_samples()
Update Changelog for 0.7.4 release
Update RELEASE file for 0.7.4
swscale: fix crash in fast_bilinear code when compiled with -mred-zone.
vorbis: An additional defense in the Vorbis codec.
vorbisdec: Fix decoding bug with channel handling
Merged-by: Michael Niedermayer <[email protected]>
Diffstat (limited to 'libavcodec/j2kdec.c')
| -rw-r--r-- | libavcodec/j2kdec.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/libavcodec/j2kdec.c b/libavcodec/j2kdec.c index 96b4f64098..3315a835d7 100644 --- a/libavcodec/j2kdec.c +++ b/libavcodec/j2kdec.c @@ -359,7 +359,7 @@ static int get_qcx(J2kDecoderContext *s, int n, J2kQuantStyle *q) if (q->quantsty == J2K_QSTY_NONE){ n -= 3; - if (s->buf_end - s->buf < n) + if (s->buf_end - s->buf < n || 32*3 < n) return AVERROR(EINVAL); for (i = 0; i < n; i++) q->expn[i] = bytestream_get_byte(&s->buf) >> 3; @@ -376,7 +376,7 @@ static int get_qcx(J2kDecoderContext *s, int n, J2kQuantStyle *q) } } else{ n = (n - 3) >> 1; - if (s->buf_end - s->buf < n) + if (s->buf_end - s->buf < n || 32*3 < n) return AVERROR(EINVAL); for (i = 0; i < n; i++){ x = bytestream_get_be16(&s->buf); @@ -421,6 +421,10 @@ static uint8_t get_sot(J2kDecoderContext *s) return AVERROR(EINVAL); s->curtileno = bytestream_get_be16(&s->buf); ///< Isot + if((unsigned)s->curtileno >= s->numXtiles * s->numYtiles){ + s->curtileno=0; + return AVERROR(EINVAL); + } s->buf += 4; ///< Psot (ignored) |