authorLaurent Aimar <fenrir@videolan.org>2011-09-29 03:04:53 +0400
committerMichael Niedermayer <michaelni@gmx.at>2011-09-29 08:11:18 +0400
commit02660a871301adada14b0e0fe64c66f73c2e4541 (patch)
tree0bd1d4aefc2263d0273369b15f12f2d34f6f7230 /libavcodec/j2kdec.c
parent41b7389cade702383e59343561776f83bb26e17f (diff)
Check for out of bound reads in jpeg 2000 decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'libavcodec/j2kdec.c')
-rw-r--r--libavcodec/j2kdec.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/libavcodec/j2kdec.c b/libavcodec/j2kdec.c
index caa904d8b3..01a1e2e399 100644
--- a/libavcodec/j2kdec.c
+++ b/libavcodec/j2kdec.c
@@ -961,18 +961,20 @@ static int decode_codestream(J2kDecoderContext *s)
static int jp2_find_codestream(J2kDecoderContext *s)
{
- int32_t atom_size;
+ uint32_t atom_size;
int found_codestream = 0, search_range = 10;
// skip jpeg2k signature atom
s->buf += 12;
- while(!found_codestream && search_range) {
+ while(!found_codestream && search_range && s->buf_end - s->buf >= 8) {
atom_size = AV_RB32(s->buf);
if(AV_RB32(s->buf + 4) == JP2_CODESTREAM) {
found_codestream = 1;
s->buf += 8;
} else {
+ if (s->buf_end - s->buf < atom_size)
+ return 0;
s->buf += atom_size;
search_range--;
}
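Review bot: The bounds check added in the `else` branch still accepts an `atom_size` smaller than the 8-byte atom header that was just read. A value of 0 leaves `s->buf` where it is, so the same header is re-read until `search_range` runs out, and values 1–7 make the next iteration parse bytes from inside the current header. No read goes out of bounds, because the loop condition re-checks for 8 bytes on every pass, but the stream is misparsed silently; rejecting such sizes is cleaner: `if (atom_size < 8 || s->buf_end - s->buf < atom_size) return 0;`. As far as the visible hunks show, the unconditional `s->buf += 12;` above the loop is covered only by the 12-byte check added to `decode_frame` in the second hunk, so a comment such as `// caller has verified that at least 12 bytes are available` would record that dependency. The rest of the function body lies outside the hunk.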
@@ -1005,7 +1007,8 @@ static int decode_frame(AVCodecContext *avctx,
return AVERROR(EINVAL);
// check if the image is in jp2 format
- if((AV_RB32(s->buf) == 12) && (AV_RB32(s->buf + 4) == JP2_SIG_TYPE) &&
+ if(s->buf_end - s->buf >= 12 &&
+ (AV_RB32(s->buf) == 12) && (AV_RB32(s->buf + 4) == JP2_SIG_TYPE) &&
(AV_RB32(s->buf + 8) == JP2_SIG_VALUE)) {
if(!jp2_find_codestream(s)) {
av_log(avctx, AV_LOG_ERROR, "couldn't find jpeg2k codestream atom\n");