jpeg2000: Check code-block size

author Michael Niedermayer <michaelni@gmx.at>

Mon, 1 Jul 2013 08:00:59 +0000 (10:00 +0200)

committer Luca Barbato <lu_zero@gentoo.org>

Tue, 2 Jul 2013 18:05:43 +0000 (20:05 +0200)
author Michael Niedermayer <michaelni@gmx.at>
Mon, 1 Jul 2013 08:00:59 +0000 (10:00 +0200)
committer Luca Barbato <lu_zero@gentoo.org>
Tue, 2 Jul 2013 18:05:43 +0000 (20:05 +0200)
diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c

index e29f731..8fbe349 100644 (file)
--- a/libavcodec/jpeg2000dec.c
+++ b/libavcodec/jpeg2000dec.c
@@ -267,6 +267,12 @@ static int get_cox(Jpeg2000DecoderContext *s, Jpeg2000CodingStyle *c)
      c->log2_cblk_width  = bytestream_get_byte(&s->buf) + 2; // cblk width
      c->log2_cblk_height = bytestream_get_byte(&s->buf) + 2; // cblk height
  
+    if (c->log2_cblk_width > 10 || c->log2_cblk_height > 10 ||
+        c->log2_cblk_width + c->log2_cblk_height > 12) {
+        av_log(s->avctx, AV_LOG_ERROR, "cblk size invalid\n");
+        return AVERROR_INVALIDDATA;
+    }
+
      c->cblk_style = bytestream_get_byte(&s->buf);
      if (c->cblk_style != 0) { // cblk style
          av_log(s->avctx, AV_LOG_ERROR, "no extra cblk styles supported\n");
author	Michael Niedermayer <michaelni@gmx.at>
	Mon, 1 Jul 2013 08:00:59 +0000 (10:00 +0200)
committer	Luca Barbato <lu_zero@gentoo.org>
	Tue, 2 Jul 2013 18:05:43 +0000 (20:05 +0200)