openjpeg: guard against invalid memory access on crafted files
authorVincent Penquerc'h <vincent.penquerch@collabora.co.uk>
Wed, 7 Jun 2017 15:17:50 +0000 (16:17 +0100)
committerVincent Penquerc'h <vincent.penquerch@collabora.co.uk>
Thu, 8 Jun 2017 15:17:44 +0000 (16:17 +0100)
ext/openjpeg/gstopenjpegdec.c

index 60b9543..933c79d 100644 (file)
@@ -1012,6 +1012,9 @@ gst_openjpeg_dec_handle_frame (GstVideoDecoder * decoder,
   if (!gst_buffer_map (frame->input_buffer, &map, GST_MAP_READ))
     goto map_read_error;
 
+  if (self->is_jp2c && map.size < 8)
+    goto open_error;
+
 #ifdef HAVE_OPENJPEG_1
   io = opj_cio_open ((opj_common_ptr) dec, map.data + (self->is_jp2c ? 8 : 0),
       map.size - (self->is_jp2c ? 8 : 0));
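Review bot: The new guard `if (self->is_jp2c && map.size < 8)` still lets a buffer of exactly 8 bytes through, so `opj_cio_open` below is handed a pointer one past the mapped data with a length of 0. Whether OpenJPEG copes with an empty stream is not visible here; since a zero-length codestream cannot decode anyway, `if (self->is_jp2c && map.size <= 8)` would reject it up front. The bare `8` now appears three times with no explanation, and a comment such as `/* skip the 8-byte jp2c box header (length + type) */` or a named constant would keep the check and the offsets in step (that it is the box header is my reading, not stated in the hunk). The `open_error` label lies outside the hunk, so please confirm it unmaps `frame->input_buffer`, because this jump happens after `gst_buffer_map` has succeeded.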