Skip to content
Browse files

avcodec/jpeg2000dec: Check cdx/y values more carefully

Some invalid values where not handled correctly in the later pixel
format matching code.
Fixes out of array accesses
Fixes Ticket2848

Found-by: Piotr Bandurski <ami_stuff@o2.pl>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  • Loading branch information...
1 parent c443689 commit 8bb11c3ca77b52e05a9ed1496a65f8a76e6e2d8f @michaelni michaelni committed
Showing with 2 additions and 1 deletion.
  1. +2 −1 libavcodec/jpeg2000dec.c
View
3 libavcodec/jpeg2000dec.c
@@ -273,7 +273,8 @@ static int get_siz(Jpeg2000DecoderContext *s)
s->sgnd[i] = !!(x & 0x80);
s->cdx[i] = bytestream2_get_byteu(&s->g);
s->cdy[i] = bytestream2_get_byteu(&s->g);
- if (!s->cdx[i] || !s->cdy[i]) {
+ if ( !s->cdx[i] || s->cdx[i] == 3 || s->cdx[i] > 4
+ || !s->cdy[i] || s->cdy[i] == 3 || s->cdy[i] > 4) {
av_log(s->avctx, AV_LOG_ERROR, "Invalid sample seperation\n");
return AVERROR_INVALIDDATA;
}

0 comments on commit 8bb11c3

Please sign in to comment.
Something went wrong with that request. Please try again.