projects / libav.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 49c7d31)
avcodec/jpeg2000dwt: Check ndeclevels before calling dwt_decode*()
authorMichael Niedermayer <michael@niedermayer.cc>
Fri, 27 Nov 2015 18:52:39 +0000 (19:52 +0100)
committerMike Gabriel <sunweaver@debian.org>
Tue, 28 May 2019 12:14:01 +0000 (13:14 +0100)
avcodec/jpeg2000dwt: Check ndeclevels before calling dwt_decode*()

Fixes out of array access
Fixes: 01859c9a9ac6cd60a008274123275574/asan_heap-oob_1dff571_8250_50d3d1611e294c3519fd1fa82198b69b.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Gbp-Pq: Name CVE-2015-8662.patch

libavcodec/jpeg2000dwt.c patch | blob | history

diff --git a/libavcodec/jpeg2000dwt.c b/libavcodec/jpeg2000dwt.c
index 6642a53ac8e3ffc0577370552912cec96b806914..e040eeeeafec4729a0192b3627db643bbcb47088 100644 (file)
--- a/libavcodec/jpeg2000dwt.c
+++ b/libavcodec/jpeg2000dwt.c
@@ -334,6 +334,9 @@ int ff_jpeg2000_dwt_init(DWTContext *s, uint16_t border[2][2],
 
 int ff_dwt_decode(DWTContext *s, void *t)
 {
+    if (s->ndeclevels == 0)
+        return 0;
+
     switch (s->type) {
     case FF_DWT97:
         dwt_decode97_float(s, t);
Unnamed repository; edit this file 'description' to name the repository.