s->tile_offset_y = bytestream_get_be32(&s->buf); // YT0Siz
s->ncomponents = bytestream_get_be16(&s->buf); // CSiz
+ if(s->tile_width<=0 || s->tile_height<=0)
+ return AVERROR(EINVAL);
+
if (s->buf_end - s->buf < 2 * s->ncomponents)
return AVERROR(EINVAL);
s->numXtiles = ff_j2k_ceildiv(s->width - s->tile_offset_x, s->tile_width);
s->numYtiles = ff_j2k_ceildiv(s->height - s->tile_offset_y, s->tile_height);
+ if(s->numXtiles * (uint64_t)s->numYtiles > INT_MAX/sizeof(J2kTile))
+ return AVERROR(EINVAL);
+
s->tile = av_mallocz(s->numXtiles * s->numYtiles * sizeof(J2kTile));
if (!s->tile)
return AVERROR(ENOMEM);
if ((ret = s->avctx->get_buffer(s->avctx, &s->picture)) < 0)
return ret;
- s->picture.pict_type = FF_I_TYPE;
+ s->picture.pict_type = AV_PICTURE_TYPE_I;
s->picture.key_frame = 1;
return 0;
if (q->quantsty == J2K_QSTY_NONE){
n -= 3;
- if (s->buf_end - s->buf < n)
+ if (s->buf_end - s->buf < n || 32*3 < n)
return AVERROR(EINVAL);
for (i = 0; i < n; i++)
q->expn[i] = bytestream_get_byte(&s->buf) >> 3;
}
} else{
n = (n - 3) >> 1;
- if (s->buf_end - s->buf < n)
+ if (s->buf_end - s->buf < n || 32*3 < n)
return AVERROR(EINVAL);
for (i = 0; i < n; i++){
x = bytestream_get_be16(&s->buf);
return AVERROR(EINVAL);
s->curtileno = bytestream_get_be16(&s->buf); ///< Isot
+ if((unsigned)s->curtileno >= s->numXtiles * s->numYtiles){
+ s->curtileno=0;
+ return AVERROR(EINVAL);
+ }
s->buf += 4; ///< Psot (ignored)
marker = bytestream_get_be16(&s->buf);
if(s->avctx->debug & FF_DEBUG_STARTCODE)
- av_log(s->avctx, AV_LOG_DEBUG, "marker 0x%.4X at pos 0x%x\n", marker, s->buf - s->buf_start - 4);
+ av_log(s->avctx, AV_LOG_DEBUG, "marker 0x%.4X at pos 0x%tx\n", marker, s->buf - s->buf_start - 4);
oldbuf = s->buf;
if (marker == J2K_SOD){
ff_j2k_init_tier1_luts();
- if (s->buf_end - s->buf < 2)
- return AVERROR(EINVAL);
+ if (s->buf_end - s->buf < 2) {
+ ret = AVERROR(EINVAL);
+ goto err_out;
+ }
// check if the image is in jp2 format
if(s->buf_end - s->buf >= 12 &&
(AV_RB32(s->buf + 8) == JP2_SIG_VALUE)) {
if(!jp2_find_codestream(s)) {
av_log(avctx, AV_LOG_ERROR, "couldn't find jpeg2k codestream atom\n");
- return -1;
+ ret = -1;
+ goto err_out;
}
}
if (bytestream_get_be16(&s->buf) != J2K_SOC){
av_log(avctx, AV_LOG_ERROR, "SOC marker not present\n");
- return -1;
+ ret = -1;
+ goto err_out;
}
if (ret = decode_codestream(s))
- return ret;
+ goto err_out;
for (tileno = 0; tileno < s->numXtiles * s->numYtiles; tileno++)
if (ret = decode_tile(s, s->tile + tileno))
- return ret;
+ goto err_out;
cleanup(s);
av_log(s->avctx, AV_LOG_DEBUG, "end\n");
*picture = s->picture;
return s->buf - s->buf_start;
+
+err_out:
+ cleanup(s);
+ return ret;
}
static av_cold int j2kdec_init(AVCodecContext *avctx)
}
AVCodec ff_jpeg2000_decoder = {
- "j2k",
- AVMEDIA_TYPE_VIDEO,
- CODEC_ID_JPEG2000,
- sizeof(J2kDecoderContext),
- j2kdec_init,
- NULL,
- decode_end,
- decode_frame,
+ .name = "j2k",
+ .type = AVMEDIA_TYPE_VIDEO,
+ .id = CODEC_ID_JPEG2000,
+ .priv_data_size = sizeof(J2kDecoderContext),
+ .init = j2kdec_init,
+ .close = decode_end,
+ .decode = decode_frame,
.capabilities = CODEC_CAP_EXPERIMENTAL,
.long_name = NULL_IF_CONFIG_SMALL("JPEG 2000"),
.pix_fmts =
- (enum PixelFormat[]) {PIX_FMT_GRAY8, PIX_FMT_RGB24, -1}
+ (const enum PixelFormat[]) {PIX_FMT_GRAY8, PIX_FMT_RGB24, PIX_FMT_NONE}
};