From 5650e331a733711b809bc27f968500f0f5530126 Mon Sep 17 00:00:00 2001 From: Luca Barbato Date: Mon, 1 Jul 2013 10:00:58 +0200 Subject: [PATCH] jpeg2000: Validate resolution levels There are 32 maximum decomposition levels, thus 33 resolution levels. Signed-off-by: Luca Barbato --- libavcodec/jpeg2000dec.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c index 8c49ea9307..e29f73162b 100644 --- a/libavcodec/jpeg2000dec.c +++ b/libavcodec/jpeg2000dec.c @@ -251,7 +251,12 @@ static int get_cox(Jpeg2000DecoderContext *s, Jpeg2000CodingStyle *c) if (s->buf_end - s->buf < 5) return AVERROR(EINVAL); - c->nreslevels = bytestream_get_byte(&s->buf) + 1; // num of resolution levels - 1 + /* nreslevels = number of resolution levels + = number of decomposition level +1 */ + c->nreslevels = bytestream_get_byte(&s->buf) + 1; + + if (c->nreslevels > JPEG2000_MAX_RESLEVELS) + return AVERROR_INVALIDDATA; /* compute number of resolution levels to decode */ if (c->nreslevels < s->reduction_factor)