jpeg2000: Validate SOT parsing

Avoid some overreads.

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>

libavcodec/jpeg2000dec.c

@@ -423,6 +423,9 @@ static int get_sot(Jpeg2000DecoderContext *s, int n)
         return AVERROR_INVALIDDATA;
 
     Isot = bytestream2_get_be16u(&s->g);        // Isot
+    if (Isot >= s->numXtiles * s->numYtiles)
+        return AVERROR_INVALIDDATA;
+
     if (Isot) {
         avpriv_request_sample(s->avctx, "Support for more than one tile");
         return AVERROR_PATCHWELCOME;
@@ -433,6 +436,16 @@ static int get_sot(Jpeg2000DecoderContext *s, int n)
     /* Read TNSot but not used */
     bytestream2_get_byteu(&s->g);               // TNsot
 
+    if (Psot > bytestream2_get_bytes_left(&s->g) + n + 2) {
+        av_log(s->avctx, AV_LOG_ERROR, "Psot %d too big\n", Psot);
+        return AVERROR_INVALIDDATA;
+    }
+
+    if (TPsot >= FF_ARRAY_ELEMS(s->tile[Isot].tile_part)) {
+        avpriv_request_sample(s->avctx, "Support for %d components", TPsot);
+        return AVERROR_PATCHWELCOME;
+    }
+
     tp             = s->tile[s->curtileno].tile_part + TPsot;
     tp->tile_index = Isot;
     tp->tp_len     = Psot;