diff options
| author | Gautam Ramakrishnan <gautamramk@gmail.com> | 2020-03-26 07:54:36 +0300 |
|---|---|---|
| committer | Michael Niedermayer <michael@niedermayer.cc> | 2020-03-27 23:36:06 +0300 |
| commit | 26a36801c0496ec0975af1b7af3ced220aa2aa18 (patch) | |
| tree | ec7f6ca202c43cddfc7831a42d982208ab398a84 /libavcodec/jpeg2000dec.c | |
| parent | b71685865fe761925feedda3cd0b288224d9a509 (diff) | |
avcodec/jpeg2000dec: error check when processing tlm marker
Validate the value of ST field in the TLM marker of JPEG2000.
Throw an error when ST takes value of 0b11.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavcodec/jpeg2000dec.c')
| -rw-r--r-- | libavcodec/jpeg2000dec.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c index 019dc81f56..7103cd6ceb 100644 --- a/libavcodec/jpeg2000dec.c +++ b/libavcodec/jpeg2000dec.c @@ -795,7 +795,7 @@ static int get_sot(Jpeg2000DecoderContext *s, int n) * markers. Parsing the TLM header is needed to increment the input header * buffer. * This marker is mandatory for DCI. */ -static uint8_t get_tlm(Jpeg2000DecoderContext *s, int n) +static int get_tlm(Jpeg2000DecoderContext *s, int n) { uint8_t Stlm, ST, SP, tile_tlm, i; bytestream2_get_byte(&s->g); /* Ztlm: skipped */ @@ -803,7 +803,11 @@ static uint8_t get_tlm(Jpeg2000DecoderContext *s, int n) // too complex ? ST = ((Stlm >> 4) & 0x01) + ((Stlm >> 4) & 0x02); ST = (Stlm >> 4) & 0x03; - // TODO: Manage case of ST = 0b11 --> raise error + if (ST == 0x03) { + av_log(s->avctx, AV_LOG_ERROR, "TLM marker contains invalid ST value.\n"); + return AVERROR_INVALIDDATA; + } + SP = (Stlm >> 6) & 0x01; tile_tlm = (n - 4) / ((SP + 1) * 2 + ST); for (i = 0; i < tile_tlm; i++) { |