From: Michael Niedermayer <[email protected]> Avoid overreads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <[email protected]>
Signed-off-by: Nicolas Bertrand <[email protected]>
---
libavcodec/jpeg2kdec.c | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/libavcodec/jpeg2kdec.c b/libavcodec/jpeg2kdec.c
index 84eb484..e922bdf 100644
--- a/libavcodec/jpeg2kdec.c
+++ b/libavcodec/jpeg2kdec.c
@@ -362,6 +362,13 @@ static int get_coc(Jpeg2KDecoderContext *s, Jpeg2KCodingStyle *c,
 compno = bytestream2_get_byteu(&s->g);
+ if (compno >= s->ncomponents) {
+ av_log(s->avctx, AV_LOG_ERROR,
+ "Invalid compno %d. There are %d components in the image.\n",
+ compno, s->ncomponents);
+ return AVERROR_INVALIDDATA;
+ }
+
 c += compno;
 c->csty = bytestream2_get_byteu(&s->g);
 get_cox(s, c);
@@ -440,7 +447,15 @@ static int get_qcc(Jpeg2KDecoderContext *s, int n, Jpeg2KQuantStyle *q,
 if (bytestream2_get_bytes_left(&s->g) < 1) return AVERROR_INVALIDDATA;
- compno = bytestream2_get_byteu(&s->g);
+ compno = bytestream2_get_byteu(&s->g);
+
+ if (compno >= s->ncomponents) {
+ av_log(s->avctx, AV_LOG_ERROR,
+ "Invalid compno %d. There are %d components in the image.\n",
+ compno, s->ncomponents);
+ return AVERROR_INVALIDDATA;
+ }
+
 properties[compno] |= HAD_QCC;
 return get_qcx(s, n - 1, q + compno);
 }
--
1.7.9.5
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel
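Review bot: In get_coc the result of `get_cox(s, c);` on the last context line is still discarded, so a truncated or malformed coding-style body that follows a valid compno would not reach the caller as an error. This assumes get_cox returns a status the way get_qcx does in the second hunk; its prototype is not part of this patch. If it does, `if ((ret = get_cox(s, c)) < 0) return ret;` with a local `int ret` would propagate it. The new bound on compno is only as strong as the guarantee that the array behind `c` holds at least `s->ncomponents` entries, which is established outside the hunk and worth confirming. get_coc's body starts and ends outside this hunk.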
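Review bot: The compno validation added to get_qcc is a verbatim copy of the block added to get_coc in the first hunk, and two hand-maintained copies of a bounds check on attacker-controlled input can drift apart the next time one of them is touched. A small static helper that takes `s` and `compno`, logs the message and returns AVERROR_INVALIDDATA would reduce both call sites to `if (check_compno(s, compno) < 0) return AVERROR_INVALIDDATA;` (the helper name is only a suggestion). The `compno =` line is also removed and re-added with what appears to be a spacing-only change, which adds noise to a security fix and could be left out. get_qcc's body starts outside this hunk.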
