Browse code
avcodec/jpeg2000dec: Check SIZ dimensions to be within the supported range
Fixes potential integer overflows
Fixes: 03e0abe721b1174856d41a1eb5d6a896/signal_sigabrt_7ffff6ae7cc9_3813_e71bf3541abed3ccba031cd5ba0269a4.avi
This fix is choosen to be simple to backport, better solution
for master is planed
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6ef819c40bcc2175edba7ce9e20c3036c01b36b9)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Michael Niedermayer authored on 2015/11/16 05:12:50Showing 1 changed files
| ... | ... |
@@ -279,6 +279,10 @@ static int get_siz(Jpeg2000DecoderContext *s) |
| 279 | 279 |
avpriv_request_sample(s->avctx, "Support for image offsets"); |
| 280 | 280 |
return AVERROR_PATCHWELCOME; |
| 281 | 281 |
} |
| 282 |
+ if (s->width > 32768U || s->height > 32768U) {
|
|
| 283 |
+ avpriv_request_sample(s->avctx, "Large Dimensions"); |
|
| 284 |
+ return AVERROR_PATCHWELCOME; |
|
| 285 |
+ } |
|
| 282 | 286 |
|
| 283 | 287 |
if (ncomponents <= 0) {
|
| 284 | 288 |
av_log(s->avctx, AV_LOG_ERROR, "Invalid number of components: %d\n", |