Merge commit '1018a92219a38a812cf97761c6b3a5e66a400f4b'

* commit '1018a92219a38a812cf97761c6b3a5e66a400f4b': jpeg2000: Check block length See: 914ab4cd1c59eae10771f2d6a892ec6b6f36b0e2 See: 582f53349eabd75164d4389503eb95048982cfdc Merged-by: Michael Niedermayer <michaelni@gmx.at>
author: Michael Niedermayer 2013-10-10 09:55:17 +0200
committer: Michael Niedermayer 2013-10-10 10:32:04 +0200
commit: e96c80154f7c8332530b39f490d604d79a106768 (patch)
tree: 3ddc52d6620e4ad4e3e59bb3e2e707617df60b20
parent: 5a7a902ac3f7ec4620c28d6f7f8c04e7e107b1fa (diff)
parent: 1018a92219a38a812cf97761c6b3a5e66a400f4b (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c
index 26cacd5bba..aae369787f 100644
--- a/libavcodec/jpeg2000dec.c
+++ b/libavcodec/jpeg2000dec.c
@@ -791,8 +791,12 @@ static int jpeg2000_decode_packet(Jpeg2000DecoderContext *s,
             Jpeg2000Cblk *cblk = prec->cblk + cblkno;
             if (   bytestream2_get_bytes_left(&s->g) < cblk->lengthinc
                 || sizeof(cblk->data) < cblk->length + cblk->lengthinc + 2
-            )
+            ) {
+                av_log(s->avctx, AV_LOG_ERROR,
+                       "Block length %d or lengthinc %d is too large\n",
+                       cblk->length, cblk->lengthinc);
                 return AVERROR_INVALIDDATA;
+            }
 
             bytestream2_get_bufferu(&s->g, cblk->data + cblk->length, cblk->lengthinc);
             cblk->length   += cblk->lengthinc;
author	Michael Niedermayer	2013-10-10 09:55:17 +0200
committer	Michael Niedermayer	2013-10-10 10:32:04 +0200
commit	e96c80154f7c8332530b39f490d604d79a106768 (patch)
tree	3ddc52d6620e4ad4e3e59bb3e2e707617df60b20
parent	5a7a902ac3f7ec4620c28d6f7f8c04e7e107b1fa (diff)
parent	1018a92219a38a812cf97761c6b3a5e66a400f4b (diff)