diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2011-11-09 00:54:58 +0100 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2011-11-09 01:03:40 +0100 |
| commit | 57bf0d1fe53bd501cd2c060075ee9ba27a770bcd (patch) | |
| tree | 5039c9b0d0fc2ed9419215d2219eff9c7d4c3aa1 /libavcodec/j2kdec.c | |
| parent | 661e0811760844fd03d2f5cfe74c5736bb4b8ecc (diff) | |
| parent | 3970d4e72809d9c9bf4c463ba1a6ab2650e3252b (diff) | |
| download | ffmpeg-57bf0d1fe53bd501cd2c060075ee9ba27a770bcd.tar.gz | |
Merge branch 'release/0.7' into oldabi
* release/0.7: (290 commits)
nuv: Fix combination of size changes and LZO compression.
av_lzo1x_decode: properly handle negative buffer length.
Do not call parse_keyframes_index with NULL stream.
update versions for 0.7 branch
Version numbers for 0.8.6
snow: emu edge support Fixes Ticket592
imc: validate channel count
imc: check for ff_fft_init() failure (cherry picked from commit 95fee70d6773fde1c34ff6422f48e5e66f37f263)
libgsmdec: check output buffer size before decoding (cherry picked from commit b03761b1309293bbf30edef767503875277b01cf)
configure: fix arch x86_32
mp3enc: avoid truncating id3v1 tags by one byte
asfdec: Check packet_replic_size earlier
cin audio: validate the channel count
binkaudio: add some buffer overread checks.
atrac1: validate number of channels (cherry picked from commit bff5b2c1ca1290ea30587ff2f76171f9e3854872)
atrac1: check output buffer size before decoding (cherry picked from commit 33684b9c12b74c0140fb91e8150263db4a48d55e)
vp3: fix oob read for negative tokens and memleaks on error. (cherry picked from commit 8370e426e42f2e4b9d14a1fb8107ecfe5163ce7f)
apedec: set s->currentframeblocks after validating nblocks
apedec: use unsigned int for 'nblocks' and make sure that it's within int range
apedec: check for data buffer realloc failure (cherry picked from commit 11ca8b2d7486e879926488404b3b79af774f0f2d)
...
Conflicts:
Changelog
Makefile
RELEASE
configure
libavcodec/error_resilience.c
libavcodec/mpegvideo.c
libavformat/matroskaenc.c
tests/ref/lavf/mxf
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'libavcodec/j2kdec.c')
| -rw-r--r-- | libavcodec/j2kdec.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/libavcodec/j2kdec.c b/libavcodec/j2kdec.c index 73af6a73df..96b4f64098 100644 --- a/libavcodec/j2kdec.c +++ b/libavcodec/j2kdec.c @@ -961,18 +961,20 @@ static int decode_codestream(J2kDecoderContext *s) static int jp2_find_codestream(J2kDecoderContext *s) { - int32_t atom_size; + uint32_t atom_size; int found_codestream = 0, search_range = 10; // skip jpeg2k signature atom s->buf += 12; - while(!found_codestream && search_range) { + while(!found_codestream && search_range && s->buf_end - s->buf >= 8) { atom_size = AV_RB32(s->buf); if(AV_RB32(s->buf + 4) == JP2_CODESTREAM) { found_codestream = 1; s->buf += 8; } else { + if (s->buf_end - s->buf < atom_size) + return 0; s->buf += atom_size; search_range--; } @@ -1005,7 +1007,8 @@ static int decode_frame(AVCodecContext *avctx, return AVERROR(EINVAL); // check if the image is in jp2 format - if((AV_RB32(s->buf) == 12) && (AV_RB32(s->buf + 4) == JP2_SIG_TYPE) && + if(s->buf_end - s->buf >= 12 && + (AV_RB32(s->buf) == 12) && (AV_RB32(s->buf + 4) == JP2_SIG_TYPE) && (AV_RB32(s->buf + 8) == JP2_SIG_VALUE)) { if(!jp2_find_codestream(s)) { av_log(avctx, AV_LOG_ERROR, "couldn't find jpeg2k codestream atom\n"); |