On 06/21/2013 03:26 PM, Nicolas Bertrand wrote: > From: Michael Niedermayer <[email protected]> > > Fixes potential integer overflow > > Signed-off-by: Michael Niedermayer <[email protected]> > --- > libavcodec/jpeg2000dec.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c > index 45396d0..a8dae3e 100644 > --- a/libavcodec/jpeg2000dec.c > +++ b/libavcodec/jpeg2000dec.c > @@ -192,6 +192,9 @@ static int get_siz(Jpeg2000DecoderContext *s) > s->numXtiles = ff_jpeg2000_ceildiv(s->width - s->tile_offset_x, > s->tile_width); > s->numYtiles = ff_jpeg2000_ceildiv(s->height - s->tile_offset_y, > s->tile_height); > > + if(s->numXtiles * (uint64_t)s->numYtiles > INT_MAX/sizeof(Jpeg2000Tile)) > + return AVERROR(EINVAL); > + > s->tile = av_mallocz(s->numXtiles * s->numYtiles * sizeof(*s->tile));
That should use av_mallocz_array instead. > if (!s->tile) > return AVERROR(ENOMEM); >
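Review bot: the new guard in get_siz() computes its limit with sizeof(Jpeg2000Tile), while the av_mallocz() call right after it sizes the buffer with sizeof(*s->tile). Use sizeof(*s->tile) in both places so the bound cannot drift from the allocation if the type of s->tile ever changes. The allocation line still performs s->numXtiles * s->numYtiles * sizeof(*s->tile) unchecked on its own, so it is only safe while this guard sits directly above it. Moving to av_mallocz_array, as suggested in the reply, would put the count-times-size check inside the allocator, but the numXtiles * numYtiles product passed as the element count would still need the widened comparison. A short comment saying what the guard protects would help. Style: write "if (" with a space after "if", and put spaces around "/" in INT_MAX/sizeof(...).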
