avcodec/jpeg2000dec: More completely check cdef

Fixes out of array access Fixes: j2k-poc.bin Found-by: Lucas Leong <wmliang.tw@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 0aada30510d809bccfd539a90ea37b61188f2cb4) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2016-01-27 17:13:10 +0100
committer: Michael Niedermayer <michael@niedermayer.cc> 2016-02-01 02:12:22 +0100
commit: a944744f197a747251ace1bb7eb58eee0341ca10 (patch)
tree: 3b179bd6e390a2a400defc96bba9494f9b754228
parent: 9a1433683cf30ddb163ded30bdb1c59759a8f07f (diff)
download: ffmpeg-a944744f197a747251ace1bb7eb58eee0341ca10.tar.gz
1 files changed, 9 insertions, 5 deletions
diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c
index 67f88d9bc3..c80d6f7f3b 100644
--- a/libavcodec/jpeg2000dec.c
+++ b/libavcodec/jpeg2000dec.c
@@ -1292,11 +1292,15 @@ static int jpeg2000_decode_tile(Jpeg2000DecoderContext *s, Jpeg2000Tile *tile,
     if (tile->codsty[0].mct)
         mct_decode(s, tile);
 
-    if (s->cdef[0] < 0) {
-        for (x = 0; x < s->ncomponents; x++)
-            s->cdef[x] = x + 1;
-        if ((s->ncomponents & 1) == 0)
-            s->cdef[s->ncomponents-1] = 0;
+    for (x = 0; x < s->ncomponents; x++) {
+        if (s->cdef[x] < 0) {
+            for (x = 0; x < s->ncomponents; x++) {
+                s->cdef[x] = x + 1;
+            }
+            if ((s->ncomponents & 1) == 0)
+                s->cdef[s->ncomponents-1] = 0;
+            break;
+        }
     }
 
     if (s->precision <= 8) {
author	Michael Niedermayer <michael@niedermayer.cc>	2016-01-27 17:13:10 +0100
committer	Michael Niedermayer <michael@niedermayer.cc>	2016-02-01 02:12:22 +0100
commit	a944744f197a747251ace1bb7eb58eee0341ca10 (patch)
tree	3b179bd6e390a2a400defc96bba9494f9b754228
parent	9a1433683cf30ddb163ded30bdb1c59759a8f07f (diff)
download	ffmpeg-a944744f197a747251ace1bb7eb58eee0341ca10.tar.gz