From b395fd3de7dab14841b3c7898aaea04d29c11bc7 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Fri, 12 Jun 2015 02:02:04 +0200
Subject: [PATCH] avcodec/jpeg2000dec: add some sanity checking on newpasses

Signed-off-by: Michael Niedermayer
---
 libavcodec/jpeg2000.h | 2 ++
 libavcodec/jpeg2000dec.c | 5 +++++
 2 files changed, 7 insertions(+)

diff --git a/libavcodec/jpeg2000.h b/libavcodec/jpeg2000.h
index acdba62a07..46067c871c 100644
--- a/libavcodec/jpeg2000.h
+++ b/libavcodec/jpeg2000.h
@@ -71,6 +71,8 @@ enum Jpeg2000Quantsty { // quantization style
 #define JPEG2000_MAX_DECLEVELS 32
 #define JPEG2000_MAX_RESLEVELS (JPEG2000_MAX_DECLEVELS + 1)
+#define JPEG2000_MAX_PASSES 100
+
 // T1 flags
 // flags determining significance of neighbor coefficients
 #define JPEG2000_T1_SIG_N 0x0001
diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c
index aa6d8ecb39..099242de44 100644
--- a/libavcodec/jpeg2000dec.c
+++ b/libavcodec/jpeg2000dec.c
@@ -805,6 +805,11 @@ static int jpeg2000_decode_packet(Jpeg2000DecoderContext *s,
 }
 if ((newpasses = getnpasses(s)) < 0)
 return newpasses;
+ av_assert2(newpasses > 0);
+ if (cblk->npasses + newpasses >= JPEG2000_MAX_PASSES) {
+ avpriv_request_sample(s->avctx, "Too many passes\n");
+ return AVERROR_PATCHWELCOME;
+ }
 if ((llen = getlblockinc(s)) < 0)
 return llen;
 if (cblk->lblock + llen + av_log2(newpasses) > 16) {
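Review bot: `JPEG2000_MAX_PASSES` in the jpeg2000.h hunk is added without a comment saying what it bounds or where the value 100 comes from. Judging by the jpeg2000dec.c hunk it caps `cblk->npasses + newpasses`, and reaching it returns `AVERROR_PATCHWELCOME`, which suggests a decoder-imposed limit rather than one taken from the format. That should be written down so nobody later sizes a buffer from the constant on a different assumption. I would add `// decoder limit on coding passes accumulated per code block; jpeg2000_decode_packet() rejects packets that reach it` above the define.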
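Review bot: The string passed to `avpriv_request_sample()` in the jpeg2000_decode_packet hunk ends in `\n`. As far as I know that helper appends its own "is not implemented" text after the caller's message, so the newline would split the log entry in two; use `avpriv_request_sample(s->avctx, "Too many passes");`. Separately, `av_assert2(newpasses > 0)` is compiled out unless the assert level is raised, so the `if` is the only runtime bound on this bitstream-derived count. With `>=` a block can accumulate at most `JPEG2000_MAX_PASSES - 1` passes, which deserves a one-line comment if it is intentional. The function body starts before and continues after the hunk.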