diff options
| author | Antonin Descampe <antonin@gmail.com> | 2008-05-22 12:34:29 +0000 |
|---|---|---|
| committer | Antonin Descampe <antonin@gmail.com> | 2008-05-22 12:34:29 +0000 |
| commit | f4d394d9324f12e820339fce0182b1d47f831059 (patch) | |
| tree | 7282909760fed9d11c664178911a382cb11d55bb | |
| parent | 65e5ff0fb4dbdd4db7450da4d10339625dcdb0c1 (diff) | |
additional test to avoid crash due to invalid image size, patch by Christopher Layne
| -rw-r--r-- | ChangeLog | 3 | ||||
| -rw-r--r-- | libopenjpeg/j2k.c | 7 |
2 files changed, 10 insertions, 0 deletions
@@ -5,6 +5,9 @@ What's New for OpenJPEG ! : changed + : added +May 22, 2008 +* [antonin] additional test to avoid crash due to invalid image size, patch by Christopher Layne + May 20, 2008 * [antonin] memory leak fixed in openjpeg.c (opj_destroy_cstr_info()), patch by Carsten Juttner diff --git a/libopenjpeg/j2k.c b/libopenjpeg/j2k.c index 8e7b1ce0..bd4a1bd6 100644 --- a/libopenjpeg/j2k.c +++ b/libopenjpeg/j2k.c @@ -467,6 +467,13 @@ static void j2k_read_siz(opj_j2k_t *j2k) { cp->tx0 = cio_read(cio, 4); /* XT0siz */ cp->ty0 = cio_read(cio, 4); /* YT0siz */ + if ((image->x0<0)||(image->x1<0)||(image->y0<0)||(image->y1<0)) { + opj_event_msg(j2k->cinfo, EVT_ERROR, + "%s: invalid image size (x0:%d, x1:%d, y0:%d, y1:%d)\n", + image->x0,image->x1,image->y0,image->y1); + return; + } + image->numcomps = cio_read(cio, 2); /* Csiz */ #ifdef USE_JPWL |