[FFmpeg-cvslog] avcodec/jpeg2000dec: Check SIZ dimensions to be within the supported range
Michael Niedermayer
git at videolan.org
Sun Dec 6 12:57:20 CET 2015
ffmpeg | branch: release/2.4 | Michael Niedermayer <michael at niedermayer.cc> | Sun Nov 15 21:12:50 2015 +0100| [50870dd3de5c69f90a95ca7f5d8eeaffe1b675ac] | committer: Michael Niedermayer
avcodec/jpeg2000dec: Check SIZ dimensions to be within the supported range
Fixes potential integer overflows
Fixes: 03e0abe721b1174856d41a1eb5d6a896/signal_sigabrt_7ffff6ae7cc9_3813_e71bf3541abed3ccba031cd5ba0269a4.avi
This fix is choosen to be simple to backport, better solution
for master is planed
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 6ef819c40bcc2175edba7ce9e20c3036c01b36b9)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=50870dd3de5c69f90a95ca7f5d8eeaffe1b675ac
---
libavcodec/jpeg2000dec.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c
index 83154c7..ab34df0 100644
--- a/libavcodec/jpeg2000dec.c
+++ b/libavcodec/jpeg2000dec.c
@@ -250,6 +250,10 @@ static int get_siz(Jpeg2000DecoderContext *s)
avpriv_request_sample(s->avctx, "Support for image offsets");
return AVERROR_PATCHWELCOME;
}
+ if (s->width > 32768U || s->height > 32768U) {
+ avpriv_request_sample(s->avctx, "Large Dimensions");
+ return AVERROR_PATCHWELCOME;
+ }
if (ncomponents <= 0) {
av_log(s->avctx, AV_LOG_ERROR, "Invalid number of components: %d\n",
More information about the ffmpeg-cvslog
mailing list