[FFmpeg-devel] [PATCH]Avoid a possible overread in the jpeg2000 decoder
Carl Eugen Hoyos
cehoyos at ag.or.at
Fri Jul 19 00:21:56 CEST 2013
Hi!
Attached untested patch intends to avoid a possible overread in broken
jpeg2000 files.
Please review, Carl Eugen
-------------- next part --------------
diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c
index 6959a36..4371368 100644
--- a/libavcodec/jpeg2000dec.c
+++ b/libavcodec/jpeg2000dec.c
@@ -1555,6 +1555,11 @@ static int jp2_find_codestream(Jpeg2000DecoderContext *s)
int n = bytestream2_get_be16u(&s->g);
atom_size -= 2;
atom2_size -= 2;
+ if (6 * n > atom2_size) {
+ bytestream2_skipu(&s->g, atom2_size);
+ atom_size -= atom2_size;
+ continue;
+ }
for (; n>0; n--) {
int cn = bytestream2_get_be16(&s->g);
int typ = bytestream2_get_be16(&s->g);
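
Review bot: The added early-out calls the unchecked bytestream2_skipu(&s->g, atom2_size) with a size that comes from the file, and nothing in the visible lines shows that atom2_size is bounded by the bytes remaining in s->g, or that it is still non-negative after the preceding "atom2_size -= 2", so the skip itself can move the read position outside the buffer. Suggest using the checked bytestream2_skip() here, or comparing against bytestream2_get_bytes_left(&s->g) before skipping, and rejecting atom2_size < 2 before the subtraction. The loop that follows already uses the checked bytestream2_get_be16(), so it would be worth stating in the commit message which read the "6 * n > atom2_size" test is meant to protect. A short comment that 6 is the per-entry size consumed by the loop (only the cn and typ reads are visible in this context) and a warning log when a malformed box is skipped would make the intent clearer than dropping it silently.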