On 06/21/2013 03:26 PM, Nicolas Bertrand wrote: > From: Michael Niedermayer <[email protected]>
Avoid multiple buffer overflow, maybe ? > Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind > Signed-off-by: Michael Niedermayer <[email protected]> > --- > libavcodec/jpeg2000dec.c | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c > index 8c49ea9..72b84e7 100644 > --- a/libavcodec/jpeg2000dec.c > +++ b/libavcodec/jpeg2000dec.c > @@ -176,6 +176,13 @@ static int get_siz(Jpeg2000DecoderContext *s) > s->tile_offset_y = bytestream_get_be32(&s->buf); // YT0Siz > s->ncomponents = bytestream_get_be16(&s->buf); // CSiz > > + if(s->ncomponents <= 0 || s->ncomponents > 4) { > + av_log(s->avctx, AV_LOG_ERROR, "unsupported/invalid ncomponents: > %d\n", s->ncomponents); > + return AVERROR(EINVAL); > + } > + if(s->tile_width<=0 || s->tile_height<=0) > + return AVERROR(EINVAL); format it properly with spaces between operators. lu _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
