openjpeg: guard against invalid memory access on crafted files

author: Vincent Penquerc'h <vincent.penquerch@collabora.co.uk> 2017-06-07 16:17:50 +0100
committer: Sebastian Dröge <sebastian@centricular.com> 2017-06-12 10:03:18 +0300
commit: 5282d12aef95e3b29c1772f2ec2079bb01ec2269 (patch)
tree: 43da0ef952d3e33eb22ed9f6ed29765157f9589b
parent: 95122c0c2113c5a4029da4339a967feb77a734cd (diff)
download: gstreamer-plugins-bad-5282d12aef95e3b29c1772f2ec2079bb01ec2269.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/ext/openjpeg/gstopenjpegdec.c b/ext/openjpeg/gstopenjpegdec.c
index 60b954332..933c79d1c 100644
--- a/ext/openjpeg/gstopenjpegdec.c
+++ b/ext/openjpeg/gstopenjpegdec.c
@@ -1012,6 +1012,9 @@ gst_openjpeg_dec_handle_frame (GstVideoDecoder * decoder,
   if (!gst_buffer_map (frame->input_buffer, &map, GST_MAP_READ))
     goto map_read_error;
 
+  if (self->is_jp2c && map.size < 8)
+    goto open_error;
+
 #ifdef HAVE_OPENJPEG_1
   io = opj_cio_open ((opj_common_ptr) dec, map.data + (self->is_jp2c ? 8 : 0),
       map.size - (self->is_jp2c ? 8 : 0));
author	Vincent Penquerc'h <vincent.penquerch@collabora.co.uk>	2017-06-07 16:17:50 +0100
committer	Sebastian Dröge <sebastian@centricular.com>	2017-06-12 10:03:18 +0300
commit	5282d12aef95e3b29c1772f2ec2079bb01ec2269 (patch)
tree	43da0ef952d3e33eb22ed9f6ed29765157f9589b
parent	95122c0c2113c5a4029da4339a967feb77a734cd (diff)
download	gstreamer-plugins-bad-5282d12aef95e3b29c1772f2ec2079bb01ec2269.tar.gz