j2kdec: Check for interger overflow in tile array allocation
authorMichael Niedermayer <michaelni@gmx.at>
Sat, 24 Dec 2011 04:03:04 +0000 (05:03 +0100)
committerMichael Niedermayer <michaelni@gmx.at>
Tue, 3 Jan 2012 21:30:47 +0000 (22:30 +0100)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3132999fdb57d8d3ba5e08a4dc1b3661e885c04d)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
libavcodec/j2kdec.c

index a8c0c52..c8dabc0 100644 (file)
@@ -238,6 +238,9 @@ static int get_siz(J2kDecoderContext *s)
     s->numXtiles = ff_j2k_ceildiv(s->width - s->tile_offset_x, s->tile_width);
     s->numYtiles = ff_j2k_ceildiv(s->height - s->tile_offset_y, s->tile_height);
 
+    if(s->numXtiles * (uint64_t)s->numYtiles > INT_MAX/sizeof(J2kTile))
+        return AVERROR(EINVAL);
+
     s->tile = av_mallocz(s->numXtiles * s->numYtiles * sizeof(J2kTile));
     if (!s->tile)
         return AVERROR(ENOMEM);