X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=libavcodec%2Fjpeg2000dec.c;h=849b0f72625f122be30e7b1ae64ea5ad4b05df29;hb=1fec347ef56bc3f501ffdfe0d253e768666aac7f;hp=31f3db8d6893ea87f51bff378409157e41e3a47e;hpb=9ffc61b1256e42c54766e73fd899a57261eb9b3b;p=ffmpeg diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c index 31f3db8d689..849b0f72625 100644 --- a/libavcodec/jpeg2000dec.c +++ b/libavcodec/jpeg2000dec.c @@ -30,6 +30,7 @@ #include "libavutil/attributes.h" #include "libavutil/avassert.h" #include "libavutil/common.h" +#include "libavutil/imgutils.h" #include "libavutil/opt.h" #include "libavutil/pixdesc.h" #include "avcodec.h" @@ -38,6 +39,7 @@ #include "thread.h" #include "jpeg2000.h" #include "jpeg2000dsp.h" +#include "profiles.h" #define JP2_SIG_TYPE 0x6A502020 #define JP2_SIG_VALUE 0x0D0A870A @@ -279,6 +281,10 @@ static int get_siz(Jpeg2000DecoderContext *s) avpriv_request_sample(s->avctx, "Support for image offsets"); return AVERROR_PATCHWELCOME; } + if (av_image_check_size(s->width, s->height, 0, s->avctx)) { + avpriv_request_sample(s->avctx, "Large Dimensions"); + return AVERROR_PATCHWELCOME; + } if (ncomponents <= 0) { av_log(s->avctx, AV_LOG_ERROR, "Invalid number of components: %d\n", @@ -826,10 +832,10 @@ static int init_tile(Jpeg2000DecoderContext *s, int tileno) if (!tile->comp) return AVERROR(ENOMEM); - tile->coord[0][0] = av_clip(tilex * s->tile_width + s->tile_offset_x, s->image_offset_x, s->width); - tile->coord[0][1] = av_clip((tilex + 1) * s->tile_width + s->tile_offset_x, s->image_offset_x, s->width); - tile->coord[1][0] = av_clip(tiley * s->tile_height + s->tile_offset_y, s->image_offset_y, s->height); - tile->coord[1][1] = av_clip((tiley + 1) * s->tile_height + s->tile_offset_y, s->image_offset_y, s->height); + tile->coord[0][0] = av_clip(tilex * (int64_t)s->tile_width + s->tile_offset_x, s->image_offset_x, s->width); + tile->coord[0][1] = av_clip((tilex + 1) * (int64_t)s->tile_width + s->tile_offset_x, s->image_offset_x, s->width); + tile->coord[1][0] = av_clip(tiley * (int64_t)s->tile_height + s->tile_offset_y, s->image_offset_y, s->height); + tile->coord[1][1] = av_clip((tiley + 1) * (int64_t)s->tile_height + s->tile_offset_y, s->image_offset_y, s->height); for (compno = 0; compno < s->ncomponents; compno++) { Jpeg2000Component *comp = tile->comp + compno; @@ -1488,6 +1494,10 @@ static int decode_cblk(Jpeg2000DecoderContext *s, Jpeg2000CodingStyle *codsty, ff_mqc_initdec(&t1->mqc, cblk->data, 0, 1); while (passno--) { + if (bpno < 0) { + av_log(s->avctx, AV_LOG_ERROR, "bpno became negative\n"); + return AVERROR_INVALIDDATA; + } switch(pass_t) { case 0: decode_sigpass(t1, width, height, bpno + 1, bandpos, @@ -1797,6 +1807,7 @@ static void jpeg2000_dec_cleanup(Jpeg2000DecoderContext *s) memset(s->properties, 0, sizeof(s->properties)); memset(&s->poc , 0, sizeof(s->poc)); s->numXtiles = s->numYtiles = 0; + s->ncomponents = 0; } static int jpeg2000_read_main_headers(Jpeg2000DecoderContext *s) @@ -1854,6 +1865,10 @@ static int jpeg2000_read_main_headers(Jpeg2000DecoderContext *s) switch (marker) { case JPEG2000_SIZ: + if (s->ncomponents) { + av_log(s->avctx, AV_LOG_ERROR, "Duplicate SIZ\n"); + return AVERROR_INVALIDDATA; + } ret = get_siz(s); if (!s->tile) s->numXtiles = s->numYtiles = 0; @@ -2128,15 +2143,6 @@ static const AVOption options[] = { { NULL }, }; -static const AVProfile profiles[] = { - { FF_PROFILE_JPEG2000_CSTREAM_RESTRICTION_0, "JPEG 2000 codestream restriction 0" }, - { FF_PROFILE_JPEG2000_CSTREAM_RESTRICTION_1, "JPEG 2000 codestream restriction 1" }, - { FF_PROFILE_JPEG2000_CSTREAM_NO_RESTRICTION, "JPEG 2000 no codestream restrictions" }, - { FF_PROFILE_JPEG2000_DCINEMA_2K, "JPEG 2000 digital cinema 2K" }, - { FF_PROFILE_JPEG2000_DCINEMA_4K, "JPEG 2000 digital cinema 4K" }, - { FF_PROFILE_UNKNOWN }, -}; - static const AVClass jpeg2000_class = { .class_name = "jpeg2000", .item_name = av_default_item_name, @@ -2156,5 +2162,5 @@ AVCodec ff_jpeg2000_decoder = { .decode = jpeg2000_decode_frame, .priv_class = &jpeg2000_class, .max_lowres = 5, - .profiles = NULL_IF_CONFIG_SMALL(profiles) + .profiles = NULL_IF_CONFIG_SMALL(ff_jpeg2000_profiles) };