Merge commit '1018a92219a38a812cf97761c6b3a5e66a400f4b'

* commit '1018a92219a38a812cf97761c6b3a5e66a400f4b':
  jpeg2000: Check block length

See: 914ab4cd1c
See: 582f53349e
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2013-10-10 09:55:17 +02:00
commit e96c80154f

View File

@ -791,8 +791,12 @@ static int jpeg2000_decode_packet(Jpeg2000DecoderContext *s,
Jpeg2000Cblk *cblk = prec->cblk + cblkno; Jpeg2000Cblk *cblk = prec->cblk + cblkno;
if ( bytestream2_get_bytes_left(&s->g) < cblk->lengthinc if ( bytestream2_get_bytes_left(&s->g) < cblk->lengthinc
|| sizeof(cblk->data) < cblk->length + cblk->lengthinc + 2 || sizeof(cblk->data) < cblk->length + cblk->lengthinc + 2
) ) {
av_log(s->avctx, AV_LOG_ERROR,
"Block length %d or lengthinc %d is too large\n",
cblk->length, cblk->lengthinc);
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;
}
bytestream2_get_bufferu(&s->g, cblk->data + cblk->length, cblk->lengthinc); bytestream2_get_bufferu(&s->g, cblk->data + cblk->length, cblk->lengthinc);
cblk->length += cblk->lengthinc; cblk->length += cblk->lengthinc;