Browse code
j2kdec: Check for interger overflow in tile array allocation
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3132999fdb57d8d3ba5e08a4dc1b3661e885c04d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer authored on 2011/12/24 13:03:04Showing 1 changed files
| ... | ... |
@@ -238,6 +238,9 @@ static int get_siz(J2kDecoderContext *s) |
| 238 | 238 |
s->numXtiles = ff_j2k_ceildiv(s->width - s->tile_offset_x, s->tile_width); |
| 239 | 239 |
s->numYtiles = ff_j2k_ceildiv(s->height - s->tile_offset_y, s->tile_height); |
| 240 | 240 |
|
| 241 |
+ if(s->numXtiles * (uint64_t)s->numYtiles > INT_MAX/sizeof(J2kTile)) |
|
| 242 |
+ return AVERROR(EINVAL); |
|
| 243 |
+ |
|
| 241 | 244 |
s->tile = av_mallocz(s->numXtiles * s->numYtiles * sizeof(J2kTile)); |
| 242 | 245 |
if (!s->tile) |
| 243 | 246 |
return AVERROR(ENOMEM); |