Skip to content
Permalink
Browse files Browse the repository at this point in the history
avcodec/jpeg2000dec: fix context consistency with too large lowres
Fixes out of array accesses
Fixes Ticket2898

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  • Loading branch information
michaelni committed Oct 15, 2013
1 parent 0a6ce25 commit a1b9004
Showing 1 changed file with 11 additions and 4 deletions.
15 changes: 11 additions & 4 deletions libavcodec/jpeg2000dec.c
Expand Up @@ -370,11 +370,18 @@ static int get_cox(Jpeg2000DecoderContext *s, Jpeg2000CodingStyle *c)
return AVERROR_INVALIDDATA;
}

if (c->nreslevels <= s->reduction_factor) {
/* we are forced to update reduction_factor as its requested value is
not compatible with this bitstream, and as we might have used it
already in setup earlier we have to fail this frame until
reinitialization is implemented */
av_log(s->avctx, AV_LOG_ERROR, "reduction_factor too large for this bitstream, max is %d\n", c->nreslevels - 1);
s->reduction_factor = c->nreslevels - 1;
return AVERROR(EINVAL);
}

/* compute number of resolution levels to decode */
if (c->nreslevels < s->reduction_factor)
c->nreslevels2decode = 1;
else
c->nreslevels2decode = c->nreslevels - s->reduction_factor;
c->nreslevels2decode = c->nreslevels - s->reduction_factor;

c->log2_cblk_width = (bytestream2_get_byteu(&s->g) & 15) + 2; // cblk width
c->log2_cblk_height = (bytestream2_get_byteu(&s->g) & 15) + 2; // cblk height
Expand Down

0 comments on commit a1b9004

Please sign in to comment.