From: Michael Niedermayer <michael@niedermayer.cc>
Date: Fri, 27 Nov 2015 18:52:39 +0000 (+0100)
Subject: avcodec/jpeg2000dwt: Check ndeclevels before calling dwt_decode*()
X-Git-Tag: archive/raspbian/6%11.12-1_deb8u5+rpi1^2~28
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=6f94f64386a915cb251a3d2c091590bd996e96c3;p=libav.git

avcodec/jpeg2000dwt: Check ndeclevels before calling dwt_decode*()

avcodec/jpeg2000dwt: Check ndeclevels before calling dwt_decode*()

Fixes out of array access
Fixes: 01859c9a9ac6cd60a008274123275574/asan_heap-oob_1dff571_8250_50d3d1611e294c3519fd1fa82198b69b.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Gbp-Pq: Name CVE-2015-8662.patch
---

diff --git a/libavcodec/jpeg2000dwt.c b/libavcodec/jpeg2000dwt.c
index 6642a53..e040eee 100644
--- a/libavcodec/jpeg2000dwt.c
+++ b/libavcodec/jpeg2000dwt.c
@@ -334,6 +334,9 @@ int ff_jpeg2000_dwt_init(DWTContext *s, uint16_t border[2][2],
 
 int ff_dwt_decode(DWTContext *s, void *t)
 {
+    if (s->ndeclevels == 0)
+        return 0;
+
     switch (s->type) {
     case FF_DWT97:
         dwt_decode97_float(s, t);