avcodec/jpeg2000dec: Check tile offsets more completely
authorMichael Niedermayer <michael@niedermayer.cc>
Sun, 28 May 2017 11:52:13 +0000 (13:52 +0200)
committerMichael Niedermayer <michael@niedermayer.cc>
Mon, 5 Jun 2017 21:16:54 +0000 (23:16 +0200)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9c1812491f7be2730351969f4abd9b99d300d604)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/jpeg2000dec.c

index 51a1eeb..26d8ea9 100644 (file)
@@ -299,7 +299,10 @@ static int get_siz(Jpeg2000DecoderContext *s)
 
     if (s->tile_offset_x < 0 || s->tile_offset_y < 0 ||
         s->image_offset_x < s->tile_offset_x ||
-        s->image_offset_y < s->tile_offset_y) {
+        s->image_offset_y < s->tile_offset_y ||
+        s->tile_width  + (int64_t)s->tile_offset_x <= s->image_offset_x ||
+        s->tile_height + (int64_t)s->tile_offset_y <= s->image_offset_y
+    ) {
         av_log(s->avctx, AV_LOG_ERROR, "Tile offsets are invalid\n");
         return AVERROR_INVALIDDATA;
     }