From patchwork Tue Mar 24 19:36:15 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gautam Ramakrishnan X-Patchwork-Id: 18387 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id 3F9D944BAE6 for ; Tue, 24 Mar 2020 21:43:17 +0200 (EET) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 1788A68B1D0; Tue, 24 Mar 2020 21:43:17 +0200 (EET) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-il1-f193.google.com (mail-il1-f193.google.com [209.85.166.193]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 724BF68AF30 for ; Tue, 24 Mar 2020 21:43:10 +0200 (EET) Received: by mail-il1-f193.google.com with SMTP id j69so17955401ila.11 for ; Tue, 24 Mar 2020 12:43:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=/OxuKUObDWjaJFIw69PebyqVR7O+K6Mp9ukgI4otK/g=; b=AZq+J4iDiBaYDPj7pwoWiWmKJMeDP+Zt11qMD7iPhlh6d6x5XYlsxd9bVsvoE68n3H 9a7bQma83RS19JyCC2PX1zjlndj8AkkWZyDeWPsmHsjXb09xgG3XniQsJpHOkx8iJa5N pDnI2hR4E73OGQTx1msEtU7qMf+nDeUknxrdk5SKBunExKMjWVqjNZU3jwnfs9XJrgyG OBaSi7EE5QDgW4GxkPHrnLD5j0D3b8r5tN8DzIYtaYd9TsXaSJQk1sK2Z2qP3KBXWnLF qt3suHoSA30Wg2zjLuJR2ovuRQh28YXDfQaBZ0JQI/WOWCxomMsxpFHCq61nT13BhbI7 4zUg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=/OxuKUObDWjaJFIw69PebyqVR7O+K6Mp9ukgI4otK/g=; b=pZO2ti/VAYjhYV/R7wtsb98YVPFwv11VluILR+6XhRdDc62G6Llb6kmjWwZst7aS6I MnMPxMfybYvx+IqMB8lXeInCSdXFjOpHMgI2mWIlLmoomXQ/7rUBViJfs4hBKYue8ELu gokd1yymrCoFSnk2Tl2I3XZEqnW6SEWAItck++Ftq306wfmpZ1qns/Om6DhyLeLAwHKX V8T+XpPpOV6jr8nIT1XHEPYgM0llCvRfHIvuYzpN4IZXzVF0+b9bh648OrgHA1ZFoRAY pR2r4SdLz9gKjnQZxPDuhBcRATaKzsoxLR068jiAF/x5+Utzc4804vabjerV/XAeVEFn RRHg== X-Gm-Message-State: ANhLgQ1lKt7OtbHls0q+uU/aUSFwYaKnbl6lRF1cxQuW4ZE6awp3BxhY mKYiVh7NLIgkY/K41VGesx6E3p/EnGw= X-Google-Smtp-Source: ADFU+vtbvwggy+DIaoBbbONmj5pdEQtgdfx4CG2+xPrbpdH701MvJLR+ZUiruuAo7IE+fK7rQX7Jwg== X-Received: by 2002:a63:a06e:: with SMTP id u46mr11596029pgn.140.1585078590562; Tue, 24 Mar 2020 12:36:30 -0700 (PDT) Received: from localhost.localdomain ([122.181.58.76]) by smtp.gmail.com with ESMTPSA id x75sm17101250pfc.161.2020.03.24.12.36.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Mar 2020 12:36:29 -0700 (PDT) From: gautamramk@gmail.com To: ffmpeg-devel@ffmpeg.org Date: Wed, 25 Mar 2020 01:06:15 +0530 Message-Id: <20200324193615.18487-1-gautamramk@gmail.com> X-Mailer: git-send-email 2.17.1 Subject: [FFmpeg-devel] [PATCH] avcodec/jpeg2000dec: error check when processing tlm marker X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Gautam Ramakrishnan MIME-Version: 1.0 Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" From: Gautam Ramakrishnan Validate the value of ST field in the TLM marker of JPEG2000. Throw an error when ST takes value of 0x11. --- libavcodec/jpeg2000dec.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c index 019dc81f56..74d70b686f 100644 --- a/libavcodec/jpeg2000dec.c +++ b/libavcodec/jpeg2000dec.c @@ -803,7 +803,11 @@ static uint8_t get_tlm(Jpeg2000DecoderContext *s, int n) // too complex ? ST = ((Stlm >> 4) & 0x01) + ((Stlm >> 4) & 0x02); ST = (Stlm >> 4) & 0x03; - // TODO: Manage case of ST = 0b11 --> raise error + if (ST == 0x11) { + av_log(s, AV_LOG_ERROR, "TLM marker contains invalid ST value.\n"); + return AVERROR_INVALIDDATA; + } + SP = (Stlm >> 6) & 0x01; tile_tlm = (n - 4) / ((SP + 1) * 2 + ST); for (i = 0; i < tile_tlm; i++) {