Skip to content
Permalink
Browse files Browse the repository at this point in the history
avcodec/jpeg2000dec: Check cdx/y values more carefully
Some invalid values where not handled correctly in the later pixel
format matching code.
Fixes out of array accesses
Fixes Ticket2848

Found-by: Piotr Bandurski <ami_stuff@o2.pl>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  • Loading branch information
michaelni committed Aug 22, 2013
1 parent c443689 commit 8bb11c3
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion libavcodec/jpeg2000dec.c
Expand Up @@ -273,7 +273,8 @@ static int get_siz(Jpeg2000DecoderContext *s)
s->sgnd[i] = !!(x & 0x80);
s->cdx[i] = bytestream2_get_byteu(&s->g);
s->cdy[i] = bytestream2_get_byteu(&s->g);
if (!s->cdx[i] || !s->cdy[i]) {
if ( !s->cdx[i] || s->cdx[i] == 3 || s->cdx[i] > 4
|| !s->cdy[i] || s->cdy[i] == 3 || s->cdy[i] > 4) {
av_log(s->avctx, AV_LOG_ERROR, "Invalid sample seperation\n");
return AVERROR_INVALIDDATA;
}
Expand Down

0 comments on commit 8bb11c3

Please sign in to comment.