From 84cf7418618ff452c32d94b678650b5a94658a79 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Tue, 9 Jun 2015 00:37:26 +0200
Subject: [PATCH] avcodec/jpeg2000dec: Check that coords match before applying ICT
This avoid potential out of array accesses
Signed-off-by: Michael Niedermayer
(cherry picked from commit 12ba1b2b4d5592c0e27b0fcc83db929e8d6a8eee)
Signed-off-by: Michael Niedermayer
---
 libavcodec/jpeg2000dec.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c
index eb299c5140..30e069e76f 100644
--- a/libavcodec/jpeg2000dec.c
+++ b/libavcodec/jpeg2000dec.c
@@ -1162,11 +1162,16 @@ static void mct_decode(Jpeg2000DecoderContext *s, Jpeg2000Tile *tile)
 int32_t *src[3], i0, i1, i2;
 float *srcf[3], i0f, i1f, i2f;
- for (i = 1; i < 3; i++)
+ for (i = 1; i < 3; i++) {
 if (tile->codsty[0].transform != tile->codsty[i].transform) {
 av_log(s->avctx, AV_LOG_ERROR, "Transforms mismatch, MCT not supported\n");
 return;
 }
+ if (memcmp(tile->comp[0].coord, tile->comp[i].coord, sizeof(tile->comp[0].coord))) {
+ av_log(s->avctx, AV_LOG_ERROR, "Coords mismatch, MCT not supported\n");
+ return;
+ }
+ }
 for (i = 0; i < 3; i++)
 if (tile->codsty[0].transform == FF_DWT97)
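Review bot: The new coords check in the `for (i = 1; i < 3; i++)` loop handles a mismatch only by logging and returning from a `void` function, so the caller cannot tell that the tile was left without its inverse component transform, and decoding continues as if it had succeeded. Because the coordinates come from the input stream, consider making the mismatch a hard decode error (an `int` return that the caller checks), or at least documenting the skip above the check with a comment such as `/* the transform loops below use comp[0]'s extent for all three components; skip MCT if they differ */`. The `memcmp` with `sizeof(tile->comp[0].coord)` is only correct if `coord` is an array member without padding, which is not visible here and is worth confirming. The body of `mct_decode` starts and ends outside this hunk, so the statement about the loops below is inferred from the commit message rather than read from the code.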