jpeg2000: Validate block lengthinc

Currently we are using an array with a static data size. Similar to a patch with the same purpose by Michael Niedermayer. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Luca Barbato <lu_zero@gentoo.org>

jpeg2000: Validate block lengthinc
Currently we are using an array with a static data size. Similar to a patch with the same purpose by Michael Niedermayer. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
7e201d57 · Luca Barbato · 278a923c · 7e201d57
Commit 7e201d57 authored Jul 01, 2013 by Luca Barbato
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 0 deletions

jpeg2000dec.c libavcodec/jpeg2000dec.c +6 -0

No files found.
--- a/libavcodec/jpeg2000dec.c
+++ b/libavcodec/jpeg2000dec.c
@@ -663,6 +663,12 @@ static int jpeg2000_decode_packet(Jpeg2000DecoderContext *s,
            cblk->lblock += llen;
            if ((ret = get_bits(s, av_log2(newpasses) + cblk->lblock)) < 0)
                return ret;
+            if (ret > sizeof(cblk->data)) {
+                avpriv_request_sample(s->avctx,
+                                      "Block with lengthinc greater than %zu",
+                                      sizeof(cblk->data));
+                return AVERROR_PATCHWELCOME;
+            }
            cblk->lengthinc = ret;
            cblk->npasses  += newpasses;
        }