lavc/jpeg2000dec: Fix jp2 inner atom size used for overread checks.
authorCarl Eugen Hoyos <cehoyos@ag.or.at>
Tue, 2 May 2017 14:09:11 +0000 (16:09 +0200)
committerCarl Eugen Hoyos <cehoyos@ag.or.at>
Wed, 3 May 2017 01:45:33 +0000 (03:45 +0200)
libavcodec/jpeg2000dec.c

index e9f5f51..ab814ca 100644 (file)
@@ -1982,6 +1982,7 @@ static int jp2_find_codestream(Jpeg2000DecoderContext *s)
                 atom2_end  = bytestream2_tell(&s->g) + atom2_size - 8;
                 if (atom2_size < 8 || atom2_end > atom_end || atom2_end < atom2_size)
                     break;
+                atom2_size -= 8;
                 if (atom2 == JP2_CODESTREAM) {
                     return 1;
                 } else if (atom2 == MKBETAG('c','o','l','r') && atom2_size >= 7) {