jpeg2000: Check zero bit-plane validity
authorMichael Niedermayer <michaelni@gmx.at>
Mon, 1 Jul 2013 08:01:06 +0000 (10:01 +0200)
committerLuca Barbato <lu_zero@gentoo.org>
Tue, 2 Jul 2013 18:05:44 +0000 (20:05 +0200)
Prevent integer overflows.

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
libavcodec/jpeg2000dec.c

index 83efab8..ffe97eb 100644 (file)
@@ -652,10 +652,16 @@ static int jpeg2000_decode_packet(Jpeg2000DecoderContext *s,
             else if (incl < 0)
                 return incl;
 
-            if (!cblk->npasses)
-                cblk->nonzerobits = expn[bandno] + numgbits - 1 -
-                                    tag_tree_decode(s, prec->zerobits + cblkno,
-                                                    100);
+            if (!cblk->npasses) {
+                int v = expn[bandno] + numgbits - 1 -
+                        tag_tree_decode(s, prec->zerobits + cblkno, 100);
+                if (v < 0) {
+                    av_log(s->avctx, AV_LOG_ERROR,
+                           "nonzerobits %d invalid\n", v);
+                    return AVERROR_INVALIDDATA;
+                }
+                cblk->nonzerobits = v;
+            }
             if ((newpasses = getnpasses(s)) < 0)
                 return newpasses;
             if ((llen = getlblockinc(s)) < 0)