From patchwork Wed Mar 25 18:36:23 2020
X-Patchwork-Submitter: Gautam Ramakrishnan
X-Patchwork-Id: 18395
From: gautamramk@gmail.com
To: ffmpeg-devel@ffmpeg.org
Cc: Gautam Ramakrishnan
Date: Thu, 26 Mar 2020 00:06:23 +0530
Message-Id: <20200325183623.23166-1-gautamramk@gmail.com>
Subject: [FFmpeg-devel] [PATCH v2] avcodec/jpeg2000dec: error check when processing tlm marker

From: Gautam Ramakrishnan

Validate the value of ST field in the TLM marker of JPEG2000. Throw an error when ST takes value of 0x11.

--- libavcodec/jpeg2000dec.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c index 019dc81f56..a233bcafc7 100644 --- a/libavcodec/jpeg2000dec.c +++ b/libavcodec/jpeg2000dec.c
@@ -795,7 +795,7 @@ static int get_sot(Jpeg2000DecoderContext *s, int n) * markers. Parsing the TLM header is needed to increment the input header * buffer. * This marker is mandatory for DCI. */ -static uint8_t get_tlm(Jpeg2000DecoderContext *s, int n) +static int get_tlm(Jpeg2000DecoderContext *s, int n) { uint8_t Stlm, ST, SP, tile_tlm, i; bytestream2_get_byte(&s->g); /* Ztlm: skipped */ @@ -803,7 +803,11 @@ static uint8_t get_tlm(Jpeg2000DecoderContext *s, int n) // too complex ? ST = ((Stlm >> 4) & 0x01) + ((Stlm >> 4) & 0x02); ST = (Stlm >> 4) & 0x03; - // TODO: Manage case of ST = 0b11 --> raise error + if (ST == 0x03) { + av_log(s, AV_LOG_ERROR, "TLM marker contains invalid ST value.\n"); + return AVERROR_INVALIDDATA; + } + SP = (Stlm >> 6) & 0x01; tile_tlm = (n - 4) / ((SP + 1) * 2 + ST); for (i = 0; i < tile_tlm; i++) {
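Review bot: in the first hunk, widening the return type of get_tlm() to int only has an effect if the caller checks it, and the diffstat (6 insertions, 2 deletions) is fully accounted for by the two hunks shown, so no call site is changed by this patch. Please confirm that the caller stores the result in an int and bails out on a negative value; if the return is currently ignored, a TLM segment with the reserved ST value would be logged but the header parse would carry on. If the call site needs a change, it belongs in this same patch so the error path is complete in one commit.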
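Review bot: in the second hunk the new check is "if (ST == 0x03)", but the commit message says the error is raised when ST is 0x11; ST is masked with 0x03 on the line above, so it can never hold 0x11, and the removed TODO wrote the value as 0b11. Please reword the commit message to "0b11" (or 3) so the log matches the code. Two smaller points on the surrounding context: the assignment under "// too complex ?" is dead because ST is overwritten on the very next line, so it can be dropped while this area is being touched; and "tile_tlm = (n - 4) / ((SP + 1) * 2 + ST);" stores into a uint8_t with no check on n, so a value of n below 4 or a quotient above 255 is silently wrapped before it is used as the loop bound. A range check on n before that division, returning AVERROR_INVALIDDATA in the same way as the new ST check, would close that gap.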