From patchwork Thu Mar 26 04:54:36 2020
X-Patchwork-Submitter: Gautam Ramakrishnan
X-Patchwork-Id: 18410
From: gautamramk@gmail.com
To: ffmpeg-devel@ffmpeg.org
Cc: Gautam Ramakrishnan
Date: Thu, 26 Mar 2020 10:24:36 +0530
Message-Id: <20200326045436.30110-1-gautamramk@gmail.com>
Subject: [FFmpeg-devel] [PATCH v3] avcodec/jpeg2000dec: error check when processing tlm marker
List-Id: FFmpeg development discussions and patches

From: Gautam Ramakrishnan

Validate the value of ST field in the TLM marker of JPEG2000. Throw an error when ST takes value of 0b11.
---
 libavcodec/jpeg2000dec.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c index 019dc81f56..7103cd6ceb 100644 --- a/libavcodec/jpeg2000dec.c +++ b/libavcodec/jpeg2000dec.c 
@@ -795,7 +795,7 @@ static int get_sot(Jpeg2000DecoderContext *s, int n) * markers. Parsing the TLM header is needed to increment the input header * buffer. * This marker is mandatory for DCI. */ -static uint8_t get_tlm(Jpeg2000DecoderContext *s, int n) +static int get_tlm(Jpeg2000DecoderContext *s, int n) { uint8_t Stlm, ST, SP, tile_tlm, i; bytestream2_get_byte(&s->g); /* Ztlm: skipped */ @@ -803,7 +803,11 @@ static uint8_t get_tlm(Jpeg2000DecoderContext *s, int n) // too complex ? ST = ((Stlm >> 4) & 0x01) + ((Stlm >> 4) & 0x02); ST = (Stlm >> 4) & 0x03; - // TODO: Manage case of ST = 0b11 --> raise error + if (ST == 0x03) { + av_log(s->avctx, AV_LOG_ERROR, "TLM marker contains invalid ST value.\n"); + return AVERROR_INVALIDDATA; + } + SP = (Stlm >> 6) & 0x01; tile_tlm = (n - 4) / ((SP + 1) * 2 + ST); for (i = 0; i < tile_tlm; i++) {
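
Review bot: In the first hunk, changing get_tlm() from uint8_t to int only helps if the caller looks at the result, and this patch touches no call site (the diffstat's 6 insertions and 2 deletions are all inside get_tlm()). Please confirm that the caller stores the return value in an int and stops on a negative value; otherwise the new AVERROR_INVALIDDATA is dropped and decoding continues past the bad marker.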
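
Review bot: In the second hunk, the new ST check leaves the marker length unvalidated: tile_tlm = (n - 4) / ((SP + 1) * 2 + ST) is stored in a uint8_t, so an n below 4 or a quotient above 255 wraps silently, and any remainder is ignored. Consider computing the count in an int and returning AVERROR_INVALIDDATA when n < 4 or when (n - 4) is not a multiple of the entry size. While here, the context line ST = ((Stlm >> 4) & 0x01) + ((Stlm >> 4) & 0x02); is a dead store overwritten by the next assignment and could be dropped together with its "// too complex ?" comment.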