avcodec/jpeg2000dec: Check tile offsets more completely
authorMichael Niedermayer <michael@niedermayer.cc>
Sun, 28 May 2017 11:52:13 +0000 (13:52 +0200)
committerMichael Niedermayer <michael@niedermayer.cc>
Thu, 15 Jun 2017 23:05:28 +0000 (01:05 +0200)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9c1812491f7be2730351969f4abd9b99d300d604)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/jpeg2000dec.c

index fca7740..6267629 100644 (file)
@@ -300,7 +300,10 @@ static int get_siz(Jpeg2000DecoderContext *s)
 
     if (s->tile_offset_x < 0 || s->tile_offset_y < 0 ||
         s->image_offset_x < s->tile_offset_x ||
-        s->image_offset_y < s->tile_offset_y) {
+        s->image_offset_y < s->tile_offset_y ||
+        s->tile_width  + (int64_t)s->tile_offset_x <= s->image_offset_x ||
+        s->tile_height + (int64_t)s->tile_offset_y <= s->image_offset_y
+    ) {
         av_log(s->avctx, AV_LOG_ERROR, "Tile offsets are invalid\n");
         return AVERROR_INVALIDDATA;
     }