From patchwork Wed Mar 25 03:56:56 2020
X-Patchwork-Submitter: Gautam Ramakrishnan
X-Patchwork-Id: 18389
From: gautamramk@gmail.com
To: ffmpeg-devel@ffmpeg.org
Date: Wed, 25 Mar 2020 09:26:56 +0530
Message-Id: <20200325035656.2971-1-gautamramk@gmail.com>
Subject: [FFmpeg-devel] [PATCH] avcodec/jpeg2000dec: error check when processing tlm marker
Cc: Gautam Ramakrishnan

From: Gautam Ramakrishnan

Validate the value of ST field in the TLM marker of JPEG2000. Throw an error when ST takes value of 0x11.

--- libavcodec/jpeg2000dec.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c index 019dc81f56..a233bcafc7 100644 --- a/libavcodec/jpeg2000dec.c +++ b/libavcodec/jpeg2000dec.c
@@ -795,7 +795,7 @@ static int get_sot(Jpeg2000DecoderContext *s, int n) * markers. Parsing the TLM header is needed to increment the input header * buffer. * This marker is mandatory for DCI. */ -static uint8_t get_tlm(Jpeg2000DecoderContext *s, int n) +static int get_tlm(Jpeg2000DecoderContext *s, int n) { uint8_t Stlm, ST, SP, tile_tlm, i; bytestream2_get_byte(&s->g); /* Ztlm: skipped */ @@ -803,7 +803,11 @@ static uint8_t get_tlm(Jpeg2000DecoderContext *s, int n) // too complex ? ST = ((Stlm >> 4) & 0x01) + ((Stlm >> 4) & 0x02); ST = (Stlm >> 4) & 0x03; - // TODO: Manage case of ST = 0b11 --> raise error + if (ST == 0x03) { + av_log(s, AV_LOG_ERROR, "TLM marker contains invalid ST value.\n"); + return AVERROR_INVALIDDATA; + } + SP = (Stlm >> 6) & 0x01; tile_tlm = (n - 4) / ((SP + 1) * 2 + ST); for (i = 0; i < tile_tlm; i++) {
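Review bot: In the first hunk (the get_tlm signature), widening the return type from uint8_t to int only has an effect if the caller tests the result, and this patch changes nothing outside get_tlm. Please include the call-site check in the same patch, or confirm that the caller already treats a negative return as fatal, so that AVERROR_INVALIDDATA is not silently dropped. The comment above the function says the TLM header is parsed to advance the input buffer. On the new early return the rest of the marker segment is left unread, which is acceptable only if decoding stops at that point.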
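Review bot: In the second hunk the new check is `if (ST == 0x03)`, but the commit message says the error is raised when ST "takes value of 0x11". ST is masked with `& 0x03`, so it can never be 0x11 (17). The removed TODO said 0b11, so the message should read 0b11 or 3 to match the code. Two inputs remain unvalidated in the context lines that follow: `tile_tlm` is declared uint8_t, so the quotient of `(n - 4) / ((SP + 1) * 2 + ST)` is truncated to 8 bits, and an `n` below 4 makes the dividend negative. Consider rejecting a too-short `n` with the same AVERROR_INVALIDDATA and widening `tile_tlm` and `i` to int, so that the loop consumes exactly the number of entries the marker length implies.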