X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=libavcodec%2Fjpeg2000dec.c;h=cc154c3522dc1f335f163880448dcfe0ca58da15;hb=d711d839ca6714a5ef5b53ee51bc7632e62cf203;hp=db7a0c89ba419ee9534828ed718365e361f24536;hpb=f0552e63a669853ac7cd76f201356b8ea1608d6b;p=ffmpeg diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c index db7a0c89ba4..cc154c3522d 100644 --- a/libavcodec/jpeg2000dec.c +++ b/libavcodec/jpeg2000dec.c @@ -715,6 +715,13 @@ static int jpeg2000_decode_packet(Jpeg2000DecoderContext *s, } cblk->length += cblk->lengthinc; cblk->lengthinc = 0; + + if (cblk->length > sizeof(cblk->data)) { + av_log(s->avctx, AV_LOG_ERROR, + "Block length %d > data size %zd\n", + cblk->length, sizeof(cblk->data)); + return AVERROR_INVALIDDATA; + } } } return 0; @@ -1160,8 +1167,12 @@ static int jpeg2000_decode_tile(Jpeg2000DecoderContext *s, Jpeg2000Tile *tile, if (s->precision <= 8) { for (compno = 0; compno < s->ncomponents; compno++) { Jpeg2000Component *comp = tile->comp + compno; + Jpeg2000CodingStyle *codsty = tile->codsty + compno; float *datap = comp->f_data; int32_t *i_datap = comp->i_data; + int cbps = s->cbps[compno]; + int w = tile->comp[compno].coord[0][1] - s->image_offset_x; + y = tile->comp[compno].coord[1][0] - s->image_offset_y; line = picture->data[0] + y * picture->linesize[0]; for (; y < tile->comp[compno].coord[1][1] - s->image_offset_y; y += s->cdy[compno]) { @@ -1170,18 +1181,24 @@ static int jpeg2000_decode_tile(Jpeg2000DecoderContext *s, Jpeg2000Tile *tile, x = tile->comp[compno].coord[0][0] - s->image_offset_x; dst = line + x * s->ncomponents + compno; - for (; x < tile->comp[compno].coord[0][1] - s->image_offset_x; x += s->cdx[compno]) { - int val; - /* DC level shift and clip see ISO 15444-1:2002 G.1.2 */ - if (tile->codsty->transform == FF_DWT97) - val = lrintf(*datap) + (1 << (s->cbps[compno] - 1)); - else - val = *i_datap + (1 << (s->cbps[compno] - 1)); - val = av_clip(val, 0, (1 << s->cbps[compno]) - 1); - *dst = val << (8 - s->cbps[compno]); - datap++; - i_datap++; - dst += s->ncomponents; + if (codsty->transform == FF_DWT97) { + for (; x < w; x += s->cdx[compno]) { + int val = lrintf(*datap) + (1 << (cbps - 1)); + /* DC level shift and clip see ISO 15444-1:2002 G.1.2 */ + val = av_clip(val, 0, (1 << cbps) - 1); + *dst = val << (8 - cbps); + datap++; + dst += s->ncomponents; + } + } else { + for (; x < w; x += s->cdx[compno]) { + int val = *i_datap + (1 << (cbps - 1)); + /* DC level shift and clip see ISO 15444-1:2002 G.1.2 */ + val = av_clip(val, 0, (1 << cbps) - 1); + *dst = val << (8 - cbps); + i_datap++; + dst += s->ncomponents; + } } line += picture->linesize[0]; } @@ -1189,9 +1206,12 @@ static int jpeg2000_decode_tile(Jpeg2000DecoderContext *s, Jpeg2000Tile *tile, } else { for (compno = 0; compno < s->ncomponents; compno++) { Jpeg2000Component *comp = tile->comp + compno; + Jpeg2000CodingStyle *codsty = tile->codsty + compno; float *datap = comp->f_data; int32_t *i_datap = comp->i_data; uint16_t *linel; + int cbps = s->cbps[compno]; + int w = tile->comp[compno].coord[0][1] - s->image_offset_x; y = tile->comp[compno].coord[1][0] - s->image_offset_y; linel = (uint16_t *)picture->data[0] + y * (picture->linesize[0] >> 1); @@ -1199,24 +1219,32 @@ static int jpeg2000_decode_tile(Jpeg2000DecoderContext *s, Jpeg2000Tile *tile, uint16_t *dst; x = tile->comp[compno].coord[0][0] - s->image_offset_x; dst = linel + (x * s->ncomponents + compno); - for (; x < tile->comp[compno].coord[0][1] - s->image_offset_x; x += s-> cdx[compno]) { - int val; - /* DC level shift and clip see ISO 15444-1:2002 G.1.2 */ - if (tile->codsty->transform == FF_DWT97) - val = lrintf(*datap) + (1 << (s->cbps[compno] - 1)); - else - val = *i_datap + (1 << (s->cbps[compno] - 1)); - val = av_clip(val, 0, (1 << s->cbps[compno]) - 1); - /* align 12 bit values in little-endian mode */ - *dst = val << (16 - s->cbps[compno]); - datap++; - i_datap++; - dst += s->ncomponents; + if (codsty->transform == FF_DWT97) { + for (; x < w; x += s-> cdx[compno]) { + int val = lrintf(*datap) + (1 << (cbps - 1)); + /* DC level shift and clip see ISO 15444-1:2002 G.1.2 */ + val = av_clip(val, 0, (1 << cbps) - 1); + /* align 12 bit values in little-endian mode */ + *dst = val << (16 - cbps); + datap++; + dst += s->ncomponents; + } + } else { + for (; x < w; x += s-> cdx[compno]) { + int val = *i_datap + (1 << (cbps - 1)); + /* DC level shift and clip see ISO 15444-1:2002 G.1.2 */ + val = av_clip(val, 0, (1 << cbps) - 1); + /* align 12 bit values in little-endian mode */ + *dst = val << (16 - cbps); + i_datap++; + dst += s->ncomponents; + } } linel += picture->linesize[0] >> 1; } } } + return 0; } @@ -1263,6 +1291,10 @@ static int jpeg2000_read_main_headers(Jpeg2000DecoderContext *s) av_log(s->avctx, AV_LOG_ERROR, "Missing SOT\n"); return AVERROR_INVALIDDATA; } + if (!s->tile) { + av_log(s->avctx, AV_LOG_ERROR, "Missing SIZ\n"); + return AVERROR_INVALIDDATA; + } tile = s->tile + s->curtileno; tp = tile->tile_part + tile->tp_idx; @@ -1438,6 +1470,7 @@ end: static void jpeg2000_init_static_data(AVCodec *codec) { ff_jpeg2000_init_tier1_luts(); + ff_mqc_init_context_tables(); } #define OFFSET(x) offsetof(Jpeg2000DecoderContext, x)