diff options
author | Laurent Aimar <fenrir@videolan.org> | 2011-09-29 01:04:53 +0200 |
---|---|---|
committer | Michael Niedermayer <michaelni@gmx.at> | 2011-10-01 20:51:28 +0200 |
commit | dc9b708f4d79162771d893532fe35159fad0c21d (patch) | |
tree | 1686846a562401333366801b864776aef03a0efd /libavcodec/j2kdec.c | |
parent | f8eabfc16ed260ae33bd2c15c240eaf2129dba47 (diff) | |
download | ffmpeg-dc9b708f4d79162771d893532fe35159fad0c21d.tar.gz |
Check for out of bound reads in jpeg 2000 decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 02660a871301adada14b0e0fe64c66f73c2e4541)
Diffstat (limited to 'libavcodec/j2kdec.c')
-rw-r--r-- | libavcodec/j2kdec.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/libavcodec/j2kdec.c b/libavcodec/j2kdec.c index 73af6a73df..96b4f64098 100644 --- a/libavcodec/j2kdec.c +++ b/libavcodec/j2kdec.c @@ -961,18 +961,20 @@ static int decode_codestream(J2kDecoderContext *s) static int jp2_find_codestream(J2kDecoderContext *s) { - int32_t atom_size; + uint32_t atom_size; int found_codestream = 0, search_range = 10; // skip jpeg2k signature atom s->buf += 12; - while(!found_codestream && search_range) { + while(!found_codestream && search_range && s->buf_end - s->buf >= 8) { atom_size = AV_RB32(s->buf); if(AV_RB32(s->buf + 4) == JP2_CODESTREAM) { found_codestream = 1; s->buf += 8; } else { + if (s->buf_end - s->buf < atom_size) + return 0; s->buf += atom_size; search_range--; } @@ -1005,7 +1007,8 @@ static int decode_frame(AVCodecContext *avctx, return AVERROR(EINVAL); // check if the image is in jp2 format - if((AV_RB32(s->buf) == 12) && (AV_RB32(s->buf + 4) == JP2_SIG_TYPE) && + if(s->buf_end - s->buf >= 12 && + (AV_RB32(s->buf) == 12) && (AV_RB32(s->buf + 4) == JP2_SIG_TYPE) && (AV_RB32(s->buf + 8) == JP2_SIG_VALUE)) { if(!jp2_find_codestream(s)) { av_log(avctx, AV_LOG_ERROR, "couldn't find jpeg2k codestream atom\n"); |