From 48c00a93718ebbf293fce4abaa2f273f58fa543e Mon Sep 17 00:00:00 2001
From: Debian Multimedia Maintainers
 <pkg-multimedia-maintainers@lists.alioth.debian.org>
Date: Mon, 21 Jan 2019 14:30:50 +0000
Subject: [PATCH] avcodec/jpeg2000dec: Check for duplicate SIZ marker

avcodec/jpeg2000dec: Check for duplicate SIZ marker

Fixes: 0231a17345734228011c6f35a64e4594/asan_heap-oob_1d92a72_3218_1213809a9e3affec77e4c191fdfdc0a9.mov

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Gbp-Pq: Name CVE-2015-8363.patch
---
 libavcodec/jpeg2000dec.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c
index aed9b2b..24b1efe 100644
--- a/libavcodec/jpeg2000dec.c
+++ b/libavcodec/jpeg2000dec.c
@@ -1265,6 +1265,7 @@ static void jpeg2000_dec_cleanup(Jpeg2000DecoderContext *s)
     }
     av_freep(&s->tile);
     s->numXtiles = s->numYtiles = 0;
+    s->ncomponents = 0;
 }
 
 static int jpeg2000_read_main_headers(Jpeg2000DecoderContext *s)
@@ -1315,6 +1316,10 @@ static int jpeg2000_read_main_headers(Jpeg2000DecoderContext *s)
 
         switch (marker) {
         case JPEG2000_SIZ:
+            if (s->ncomponents) {
+                av_log(s->avctx, AV_LOG_ERROR, "Duplicate SIZ\n");
+                return AVERROR_INVALIDDATA;
+            }
             ret = get_siz(s);
             break;
         case JPEG2000_COC:
-- 
2.30.2