virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00
Code Issues Releases Activity

avcodec/jpeg2000dec: get_qcx, fix stack and heap overwrites

Browse Source 
This is likely remotely exploitable
Fix ported from j2kdec
No uptodate FFmpeg release should be affected by this

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2013-05-21 23:38:26 +02:00
parent f98dbc7311
commit c649ecb3b2
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libavcodec/jpeg2000dec.c
View File

@ -353,7 +353,7 @@ static int get_qcx(Jpeg2000DecoderContext *s, int n, Jpeg2000QuantStyle *q)
if (q->quantsty == JPEG2000_QSTY_NONE) {
n -= 3;
if (s->buf_end - s->buf < n)
if (s->buf_end - s->buf < n || 32*3 < n)
return AVERROR(EINVAL);
for (i = 0; i < n; i++)
q->expn[i] = bytestream_get_byte(&s->buf) >> 3;
@ -370,7 +370,7 @@ static int get_qcx(Jpeg2000DecoderContext *s, int n, Jpeg2000QuantStyle *q)
}
} else {
n = (n - 3) >> 1;
if (s->buf_end - s->buf < n)
if (s->buf_end - s->buf < 2 * n || 32*3 < n)
return AVERROR(EINVAL);
for (i = 0; i < n; i++) {
x = bytestream_get_be16(&s->buf);