authorAntonin Descampe <antonin@gmail.com>2015-09-30 09:00:50 +0200
committerAntonin Descampe <antonin@gmail.com>2015-09-30 09:00:50 +0200
commit959ebdab5e8f719cd2bfbb4535ea7f4a11cd7283 (patch)
treef20e0b761cacd0080adf42f05ec8affddb982a8b /libopenjpeg
parent3cee252347e7296bcc5b5b92466c730b7a3f4b74 (diff)
Gracefully reject codestreams with malformed SIZ markers
Update #603
Diffstat (limited to 'libopenjpeg')
-rw-r--r--libopenjpeg/j2k.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/libopenjpeg/j2k.c b/libopenjpeg/j2k.c
index 2bca97ac..71c1c8bb 100644
--- a/libopenjpeg/j2k.c
+++ b/libopenjpeg/j2k.c
@@ -432,13 +432,17 @@ static void j2k_read_siz(opj_j2k_t *j2k) {
opj_event_msg(j2k->cinfo, EVT_ERROR,
"invalid image size (x0:%d, x1:%d, y0:%d, y1:%d)\n",
image->x0,image->x1,image->y0,image->y1);
+ j2k->state |= J2K_STATE_ERR;
return;
}
n_comps = (len - 36 - 2 ) / 3;
- assert( (len - 36 - 2 ) % 3 == 0 );
- image->numcomps = cio_read(cio, 2); /* Csiz */
- assert( n_comps == image->numcomps );
+ image->numcomps = cio_read(cio, 2); /* Csiz */
+ if (((len - 36 - 2 ) % 3 != 0)||(n_comps != image->numcomps)) {
+ opj_event_msg(j2k->cinfo, EVT_ERROR,"invalid SIZ marker value\n");
+ j2k->state |= J2K_STATE_ERR;
+ return;
+ }
/* testcase 4035.pdf.SIGSEGV.d8b.3375 */
if (image->x0 > image->x1 || image->y0 > image->y1) {