avcodec/jpeg2000dec: fix context consistency with too large lowres
authorMichael Niedermayer <michaelni@gmx.at>
Tue, 15 Oct 2013 11:15:47 +0000 (13:15 +0200)
committerMichael Niedermayer <michaelni@gmx.at>
Tue, 24 Dec 2013 00:05:46 +0000 (01:05 +0100)
Fixes out of array accesses
Fixes Ticket2898

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit a1b9004b768bef606ee98d417bceb9392ceb788d)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
libavcodec/jpeg2000dec.c

index 3856d7b..5730b3c 100644 (file)
@@ -369,11 +369,18 @@ static int get_cox(Jpeg2000DecoderContext *s, Jpeg2000CodingStyle *c)
         return AVERROR_INVALIDDATA;
     }
 
+    if (c->nreslevels <= s->reduction_factor) {
+        /* we are forced to update reduction_factor as its requested value is
+           not compatible with this bitstream, and as we might have used it
+           already in setup earlier we have to fail this frame until
+           reinitialization is implemented */
+        av_log(s->avctx, AV_LOG_ERROR, "reduction_factor too large for this bitstream, max is %d\n", c->nreslevels - 1);
+        s->reduction_factor = c->nreslevels - 1;
+        return AVERROR(EINVAL);
+    }
+
     /* compute number of resolution levels to decode */
-    if (c->nreslevels < s->reduction_factor)
-        c->nreslevels2decode = 1;
-    else
-        c->nreslevels2decode = c->nreslevels - s->reduction_factor;
+    c->nreslevels2decode = c->nreslevels - s->reduction_factor;
 
     c->log2_cblk_width  = (bytestream2_get_byteu(&s->g) & 15) + 2; // cblk width
     c->log2_cblk_height = (bytestream2_get_byteu(&s->g) & 15) + 2; // cblk height