jpeg2000dec: Check bpno in decode_cblk()

Fixes integer overflow in fate-redcode-demux Reviewed-by: Nicolas BERTRAND <nicoinattendu@gmail.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

jpeg2000dec: Check bpno in decode_cblk()
Fixes integer overflow in fate-redcode-demux Reviewed-by: Nicolas BERTRAND <nicoinattendu@gmail.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
8e887ca1 · Michael Niedermayer · d5caf10c · 8e887ca1
Commit 8e887ca1 authored Jun 08, 2013 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

jpeg2000dec.c libavcodec/jpeg2000dec.c +4 -0

No files found.
--- a/libavcodec/jpeg2000dec.c
+++ b/libavcodec/jpeg2000dec.c
@@ -901,6 +901,10 @@ static int decode_cblk(Jpeg2000DecoderContext *s, Jpeg2000CodingStyle *codsty,
    ff_mqc_initdec(&t1->mqc, cblk->data);

    while (passno--) {
+        if (bpno < 0) {
+            av_log(s->avctx, AV_LOG_ERROR, "bpno invalid\n");
+            return AVERROR(EINVAL);
+        }
        switch(pass_t) {
        case 0:
            decode_sigpass(t1, width, height, bpno + 1, bandpos,