openjpeg: guard against invalid memory access on crafted files

author: Vincent Penquerc'h <vincent.penquerch@collabora.co.uk> 2017-06-07 16:17:50 +0100
committer: Sebastian Dröge <sebastian@centricular.com> 2017-06-12 10:04:10 +0300
commit: 1d777bf037cd8b114df48338aa9749662eed24ba (patch)
tree: 8ee782b6034948001ec927fbcf2496d5abf5dec4
parent: 700719985c6deb38f55ad736ba5c8ed7def8dbfb (diff)
download: gstreamer-plugins-bad-1d777bf037cd8b114df48338aa9749662eed24ba.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/ext/openjpeg/gstopenjpegdec.c b/ext/openjpeg/gstopenjpegdec.c
index 24f8dabe8..881769b17 100644
--- a/ext/openjpeg/gstopenjpegdec.c
+++ b/ext/openjpeg/gstopenjpegdec.c
@@ -1011,6 +1011,9 @@ gst_openjpeg_dec_handle_frame (GstVideoDecoder * decoder,
   if (!gst_buffer_map (frame->input_buffer, &map, GST_MAP_READ))
     goto map_read_error;
 
+  if (self->is_jp2c && map.size < 8)
+    goto open_error;
+
 #ifdef HAVE_OPENJPEG_1
   io = opj_cio_open ((opj_common_ptr) dec, map.data + (self->is_jp2c ? 8 : 0),
       map.size - (self->is_jp2c ? 8 : 0));
author	Vincent Penquerc'h <vincent.penquerch@collabora.co.uk>	2017-06-07 16:17:50 +0100
committer	Sebastian Dröge <sebastian@centricular.com>	2017-06-12 10:04:10 +0300
commit	1d777bf037cd8b114df48338aa9749662eed24ba (patch)
tree	8ee782b6034948001ec927fbcf2496d5abf5dec4
parent	700719985c6deb38f55ad736ba5c8ed7def8dbfb (diff)
download	gstreamer-plugins-bad-1d777bf037cd8b114df48338aa9749662eed24ba.tar.gz