Message-ID: <468d6618-c8d5-485a-9052-dadf9befc6fb@gmail.com>
Date: Tue, 6 Jun 2023 13:20:39 -0300
To: ffmpeg-devel@ffmpeg.org
References: <20230605180404.130456-1-etemesicaleb@gmail.com>
From: James Almer
In-Reply-To: <20230605180404.130456-1-etemesicaleb@gmail.com>
Subject: Re: [FFmpeg-devel] [PATCH] avcodec/jpeg2000htdec: Check for invalid magref length.

On 6/5/2023 3:04 PM, etemesicaleb@gmail.com wrote:
> From: caleb > > --- > libavcodec/jpeg2000htdec.c | 10 +++++++--- > 1 file changed, 7 insertions(+), 3 deletions(-) 
> > diff --git a/libavcodec/jpeg2000htdec.c b/libavcodec/jpeg2000htdec.c > index 51cd96e0f1..474d671ee0 100644 > --- a/libavcodec/jpeg2000htdec.c > +++ b/libavcodec/jpeg2000htdec.c > @@ -1101,8 +1101,8 @@ static void jpeg2000_decode_sigprop_segment(Jpeg2000Cblk *cblk, uint16_t width, > * See procedure decodeSigPropMag at Rec. ITU-T T.814, 7.5. > */ > static int > -jpeg2000_decode_magref_segment(Jpeg2000Cblk *cblk, uint16_t width, uint16_t block_height, uint8_t *magref_segment, > - uint32_t magref_length, uint8_t pLSB, int32_t *sample_buf, uint8_t *block_states) > +jpeg2000_decode_magref_segment(const Jpeg2000DecoderContext *s,Jpeg2000Cblk *cblk, uint16_t width, uint16_t block_height, uint8_t *magref_segment, > + uint32_t magref_length, uint8_t pLSB, int32_t *sample_buf, uint8_t *block_states) This could be split in three lines. > { > > StateVars mag_ref = { 0 }; > @@ -1111,6 +1111,10 @@ jpeg2000_decode_magref_segment(Jpeg2000Cblk *cblk, uint16_t width, uint16_t bloc > uint16_t i_start = 0; > int32_t *sp; > > + if (magref_length < 2){ > + av_log(s->avctx,AV_LOG_ERROR,"Invalid magnitude refinement length\n"); > + return AVERROR_INVALIDDATA; > + } Why not add this check and log call before calling jpeg2000_decode_magref_segment()? That way you don't need to add Jpeg2000DecoderContext as a parameter to it. > jpeg2000_init_mag_ref(&mag_ref, magref_length); > > for (int n1 = 0; n1 < num_v_stripe; n1++) { 
> @@ -1261,7 +1265,7 @@ ff_jpeg2000_decode_htj2k(const Jpeg2000DecoderContext *s, Jpeg2000CodingStyle *c > pLSB - 1, sample_buf, block_states); > > if (cblk->npasses > 2) > - if ((ret = jpeg2000_decode_magref_segment(cblk, width, height, Dref, Lref, > + if ((ret = jpeg2000_decode_magref_segment(s,cblk, width, height, Dref, Lref, > pLSB - 1, sample_buf, block_states)) < 0) > goto free; >
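
Review bot: in the @@ -1101,8 hunk, the new first parameter is written `*s,Jpeg2000Cblk *cblk` with no space after the comma, and the signature's first line now carries five parameters on one line. Add the space and wrap the parameter list. The `s` argument is consumed only by `s->avctx` in the av_log call added in the next hunk, so the signature change exists purely to support logging.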
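
Review bot: in the @@ -1111,6 hunk, the bound in `if (magref_length < 2){` is unexplained, and the commit message has no body to say why lengths 0 and 1 are invalid. Add a short comment naming the read that needs at least two bytes (the check sits directly before `jpeg2000_init_mag_ref(&mag_ref, magref_length)`), and consider including the rejected value in the message, for example `"Invalid magnitude refinement length %"PRIu32"\n"`, so a report from a fuzzed or truncated file identifies the offending field. Style: a space is missing before `{` and after each comma in the av_log arguments.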
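
Review bot: in the @@ -1261,7 hunk, the call is written `jpeg2000_decode_magref_segment(s,cblk, width, ...` with no space after the first comma. Both `s` and `Lref` are already in scope here, under the existing `cblk->npasses > 2` guard, and the failure path `goto free` is in place, so the length test can be made at this call site by setting `ret = AVERROR_INVALIDDATA` and jumping to `free`. That keeps the validation next to where `Lref` is passed in and leaves the callee's signature untouched.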