Fixes potential integer overflows
Fixes: 03e0abe721b1174856d41a1eb5d6a896/signal_sigabrt_7ffff6ae7cc9_3813_e71bf3541abed3ccba031cd5ba0269a4.avi
This fix is choosen to be simple to backport, better solution
for master is planed
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6ef819c40bcc2175edba7ce9e20c3036c01b36b9)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
... | ... |
@@ -279,6 +279,10 @@ static int get_siz(Jpeg2000DecoderContext *s) |
279 | 279 |
avpriv_request_sample(s->avctx, "Support for image offsets"); |
280 | 280 |
return AVERROR_PATCHWELCOME; |
281 | 281 |
} |
282 |
+ if (s->width > 32768U || s->height > 32768U) { |
|
283 |
+ avpriv_request_sample(s->avctx, "Large Dimensions"); |
|
284 |
+ return AVERROR_PATCHWELCOME; |
|
285 |
+ } |
|
282 | 286 |
|
283 | 287 |
if (ncomponents <= 0) { |
284 | 288 |
av_log(s->avctx, AV_LOG_ERROR, "Invalid number of components: %d\n", |