On 06/21/2013 03:26 PM, Nicolas Bertrand wrote: > From: Michael Niedermayer <[email protected]> > > Fixes out of array reads > > Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind > Signed-off-by: Michael Niedermayer <[email protected]> > > Conflicts: > > libavcodec/j2kdec.c > --- > libavcodec/jpeg2000dec.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c > index 4ef0e8b..5620b5b 100644 > --- a/libavcodec/jpeg2000dec.c > +++ b/libavcodec/jpeg2000dec.c > @@ -643,7 +643,9 @@ static int jpeg2000_decode_packet(Jpeg2000DecoderContext > *s, > nb_code_blocks = prec->nb_codeblocks_height * > prec->nb_codeblocks_width; > for (cblkno = 0; cblkno < nb_code_blocks; cblkno++) { > Jpeg2000Cblk *cblk = prec->cblk + cblkno; > - if (bytestream2_get_bytes_left(&s->g) < cblk->lengthinc) > + if ( bytestream2_get_bytes_left(&s->g) < cblk->lengthinc > + || sizeof(cblk->data) < cblk->lengthinc > + ) > return AVERROR(EINVAL);
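Review bot: The added condition `sizeof(cblk->data) < cblk->lengthinc` bounds `lengthinc` against the whole buffer, which is only sufficient if the bytes are stored starting at offset 0 of `cblk->data`. The hunk does not show the copy that follows this check. If that copy appends after bytes already accumulated for the code block, the test should compare the already-stored length plus `cblk->lengthinc` against the buffer size instead. The `sizeof` also only gives the buffer size when `data` is a fixed-size array member of `Jpeg2000Cblk`; if it is a pointer, the check compares against the pointer size. Since this path rejects malformed input, `AVERROR_INVALIDDATA` would describe the failure better than `AVERROR(EINVAL)`.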
Please doublecheck it while you fix the formatting.

lu
