[FFmpeg-cvslog] avcodec/jpeg2000dec: Port tile size check from j2kdec

Michael Niedermayer git at videolan.org
Wed May 22 03:24:30 CEST 2013


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Wed May 22 03:12:44 2013 +0200| [53f04424646d8f5cbac915717f2604ad516b4881] | committer: Michael Niedermayer

avcodec/jpeg2000dec: Port tile size check from j2kdec

Fixes potential integer overflow

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=53f04424646d8f5cbac915717f2604ad516b4881
---

 libavcodec/jpeg2000dec.c |    3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c
index 125aacd..a43cc7e 100644
--- a/libavcodec/jpeg2000dec.c
+++ b/libavcodec/jpeg2000dec.c
@@ -192,6 +192,9 @@ static int get_siz(Jpeg2000DecoderContext *s)
     s->numXtiles = ff_jpeg2000_ceildiv(s->width  - s->tile_offset_x, s->tile_width);
     s->numYtiles = ff_jpeg2000_ceildiv(s->height - s->tile_offset_y, s->tile_height);
 
+    if(s->numXtiles * (uint64_t)s->numYtiles > INT_MAX/sizeof(Jpeg2000Tile))
+        return AVERROR(EINVAL);
+
     s->tile = av_mallocz(s->numXtiles * s->numYtiles * sizeof(*s->tile));
     if (!s->tile)
         return AVERROR(ENOMEM);



More information about the ffmpeg-cvslog mailing list