diff options
| author | Antonin Descampe <antonin@gmail.com> | 2016-09-20 18:59:30 +0200 |
|---|---|---|
| committer | Antonin Descampe <antonin@gmail.com> | 2016-09-20 19:04:49 +0200 |
| commit | 04a00aab654cee283879d6f93d7d868b9645a0f0 (patch) | |
| tree | 6e8f37abc45356f87ceea686c002c370ab60fef2 | |
| parent | b7d73d7b257ceecc63f7c2a9a6bbd35968a79e2a (diff) | |
Merge pull request #834 from trylab/issue833
Fix issue 833.
| -rw-r--r-- | src/bin/jp2/convertbmp.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c index d264823f..ae83077c 100644 --- a/src/bin/jp2/convertbmp.c +++ b/src/bin/jp2/convertbmp.c @@ -675,10 +675,28 @@ opj_image_t* bmptoimage(const char *filename, opj_cparameters_t *parameters) } } + if (Info_h.biWidth == 0 || Info_h.biHeight == 0) { + fclose(IN); + return NULL; + } + + if (Info_h.biBitCount > (((OPJ_UINT32)-1) - 31) / Info_h.biWidth) { + fclose(IN); + return NULL; + } stride = ((Info_h.biWidth * Info_h.biBitCount + 31U) / 32U) * 4U; /* rows are aligned on 32bits */ if (Info_h.biBitCount == 4 && Info_h.biCompression == 2) { /* RLE 4 gets decoded as 8 bits data for now... */ + if (8 > (((OPJ_UINT32)-1) - 31) / Info_h.biWidth) { + fclose(IN); + return NULL; + } stride = ((Info_h.biWidth * 8U + 31U) / 32U) * 4U; } + + if (stride > ((OPJ_UINT32)-1) / sizeof(OPJ_UINT8) / Info_h.biHeight) { + fclose(IN); + return NULL; + } pData = (OPJ_UINT8 *) calloc(1, stride * Info_h.biHeight * sizeof(OPJ_UINT8)); if (pData == NULL) { fclose(IN); |