avcodec/jpeg2000dec: allow bpno of -1

Fixes: tickets/4663/levels30.jp2

The file decodes without error messages and without integer overflows.
Before the broader M_b check, the file did decode with error messages and integer overflows, but also with no visual artifacts.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer
2026-01-08 15:13:05 +01:00
parent e1472a4e0c
commit 2df0ef601a


@@ -1900,7 +1900,7 @@ static void decode_sigpass(Jpeg2000T1Context *t1, int width, int height,
int bpno, int bandno,
int vert_causal_ctx_csty_symbol)
{
int mask = 3 << (bpno - 1), y0, x, y;
int mask = (3u << bpno)>>1, y0, x, y;
for (y0 = 0; y0 < height; y0 += 4)
for (x = 0; x < width; x++)
@@ -1933,7 +1933,7 @@ static void decode_refpass(Jpeg2000T1Context *t1, int width, int height,
int phalf;
int y0, x, y;
phalf = 1 << (bpno - 1);
phalf = 1 << bpno;
for (y0 = 0; y0 < height; y0 += 4)
for (x = 0; x < width; x++)
@@ -1942,11 +1942,11 @@ static void decode_refpass(Jpeg2000T1Context *t1, int width, int height,
int flags_mask = (vert_causal_ctx_csty_symbol && y == y0 + 3) ?
~(JPEG2000_T1_SIG_S | JPEG2000_T1_SIG_SW | JPEG2000_T1_SIG_SE | JPEG2000_T1_SGN_S) : -1;
int ctxno = ff_jpeg2000_getrefctxno(t1->flags[(y + 1) * t1->stride + x + 1] & flags_mask);
t1->data[(y) * t1->stride + x] |= phalf;
t1->data[(y) * t1->stride + x] |= phalf >> 1;
if (ff_mqc_decode(&t1->mqc, t1->mqc.cx_states + ctxno))
t1->data[(y) * t1->stride + x] |= phalf << 1;
t1->data[(y) * t1->stride + x] |= phalf;
else {
t1->data[(y) * t1->stride + x] &= ~(phalf << 1);
t1->data[(y) * t1->stride + x] &= ~(phalf);
}
t1->flags[(y + 1) * t1->stride + x + 1] |= JPEG2000_T1_REF;
@@ -2043,7 +2043,7 @@ static int decode_cblk(const Jpeg2000DecoderContext *s, Jpeg2000CodingStyle *cod
ff_mqc_initdec(&t1->mqc, cblk->data, 0, 1);
while (passno--) {
if (bpno < 0 || bpno > 29) {
if (bpno < -1 || bpno > 29) {
av_log(s->avctx, AV_LOG_ERROR, "bpno (%d) became invalid\n", bpno);
return AVERROR_INVALIDDATA;
}
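Review bot: The relaxed bound `bpno < -1` in decode_cblk is only safe if every consumer of bpno inside the pass loop tolerates the new minimum, and this diff rewrites the shift expressions in decode_sigpass and decode_refpass only. The third pass type, decode_clnpass, is not shown on this page; if it still derives its mask with a `<< (bpno - 1)` style expression, the smallest value it can now receive may yield a negative shift count, which is undefined behaviour driven by file data. That is worth confirming, and if it applies the same `(3u << bpno)>>1` form would fit there. A comment above the check, for example `/* -1 is allowed: the pass functions no longer shift by bpno - 1 */`, would record why the bound moved. decode_cblk's body continues outside the hunk.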