[FFmpeg-cvslog] avcodec/jpeg2000dec: Check SIZ dimensions to be within the supported range

Michael Niedermayer git at videolan.org
Thu Nov 26 17:55:08 CET 2015


ffmpeg | branch: release/2.5 | Michael Niedermayer <michael at niedermayer.cc> | Sun Nov 15 21:12:50 2015 +0100| [13434d5f9f778a8e60a660c0f9993831da592abd] | committer: Michael Niedermayer

avcodec/jpeg2000dec: Check SIZ dimensions to be within the supported range

Fixes potential integer overflows
Fixes: 03e0abe721b1174856d41a1eb5d6a896/signal_sigabrt_7ffff6ae7cc9_3813_e71bf3541abed3ccba031cd5ba0269a4.avi

This fix is choosen to be simple to backport, better solution
for master is planed

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 6ef819c40bcc2175edba7ce9e20c3036c01b36b9)

Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=13434d5f9f778a8e60a660c0f9993831da592abd
---

 libavcodec/jpeg2000dec.c |    4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c
index 787fb99..f926ab8 100644
--- a/libavcodec/jpeg2000dec.c
+++ b/libavcodec/jpeg2000dec.c
@@ -252,6 +252,10 @@ static int get_siz(Jpeg2000DecoderContext *s)
         avpriv_request_sample(s->avctx, "Support for image offsets");
         return AVERROR_PATCHWELCOME;
     }
+    if (s->width > 32768U || s->height > 32768U) {
+        avpriv_request_sample(s->avctx, "Large Dimensions");
+        return AVERROR_PATCHWELCOME;
+    }
 
     if (ncomponents <= 0) {
         av_log(s->avctx, AV_LOG_ERROR, "Invalid number of components: %d\n",



More information about the ffmpeg-cvslog mailing list