Browse code
avcodec/jpeg2000dec: Fix potential integer overflow with tile dimensions
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 65d3359fb366ea265a8468d76a111cb7352f0b55)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer authored on 2015/11/16 05:17:05Showing 1 changed files
| ... | ... |
@@ -831,10 +831,10 @@ static int init_tile(Jpeg2000DecoderContext *s, int tileno) |
| 831 | 831 |
if (!tile->comp) |
| 832 | 832 |
return AVERROR(ENOMEM); |
| 833 | 833 |
|
| 834 |
- tile->coord[0][0] = av_clip(tilex * s->tile_width + s->tile_offset_x, s->image_offset_x, s->width); |
|
| 835 |
- tile->coord[0][1] = av_clip((tilex + 1) * s->tile_width + s->tile_offset_x, s->image_offset_x, s->width); |
|
| 836 |
- tile->coord[1][0] = av_clip(tiley * s->tile_height + s->tile_offset_y, s->image_offset_y, s->height); |
|
| 837 |
- tile->coord[1][1] = av_clip((tiley + 1) * s->tile_height + s->tile_offset_y, s->image_offset_y, s->height); |
|
| 834 |
+ tile->coord[0][0] = av_clip(tilex * (int64_t)s->tile_width + s->tile_offset_x, s->image_offset_x, s->width); |
|
| 835 |
+ tile->coord[0][1] = av_clip((tilex + 1) * (int64_t)s->tile_width + s->tile_offset_x, s->image_offset_x, s->width); |
|
| 836 |
+ tile->coord[1][0] = av_clip(tiley * (int64_t)s->tile_height + s->tile_offset_y, s->image_offset_y, s->height); |
|
| 837 |
+ tile->coord[1][1] = av_clip((tiley + 1) * (int64_t)s->tile_height + s->tile_offset_y, s->image_offset_y, s->height); |
|
| 838 | 838 |
|
| 839 | 839 |
for (compno = 0; compno < s->ncomponents; compno++) {
|
| 840 | 840 |
Jpeg2000Component *comp = tile->comp + compno; |