backport fixes for issues #362 (-2863) and #393 on branch 1.5

author: Antonin Descampe <antonin@gmail.com> 2015-09-16 16:51:15 +0200
committer: Antonin Descampe <antonin@gmail.com> 2015-09-16 16:51:15 +0200
commit: e755ebd1b004648dfb5c3e17e1223e12f3a87ad7 (patch)
tree: 1afa40f591234009b1548ea047535f7ce8482ffb /libopenjpeg
parent: f35aaa8a82e6f14c85e8275a4748572bc27b1997 (diff)
1 files changed, 10 insertions, 2 deletions
diff --git a/libopenjpeg/j2k.c b/libopenjpeg/j2k.c
index c8fdc7c2..06e7b061 100644
--- a/libopenjpeg/j2k.c
+++ b/libopenjpeg/j2k.c
@@ -1235,6 +1235,7 @@ static void j2k_read_ppm(opj_j2k_t *j2k) {
 	
 	Z_ppm = cio_read(cio, 1);	/* Z_ppm */
 	len -= 3;
+
 	while (len > 0) {
 		if (cp->ppm_previous == 0) {
 			N_ppm = cio_read(cio, 4);	/* N_ppm */
@@ -1242,9 +1243,16 @@ static void j2k_read_ppm(opj_j2k_t *j2k) {
 		} else {
 			N_ppm = cp->ppm_previous;
 		}
+
+        /* issue 362-2863, issue 393 */
+        if (N_ppm < 0) {
+            j2k->state = J2K_STATE_ERR;
+            return;
+        }
+
 		j = cp->ppm_store;
-		if (Z_ppm == 0) {	/* First PPM marker */
-			cp->ppm_data = (unsigned char *) opj_malloc(N_ppm * sizeof(unsigned char));
+        if (Z_ppm == 0) {	/* First PPM marker */
+            cp->ppm_data = (unsigned char *) opj_malloc(N_ppm * sizeof(unsigned char));
 			cp->ppm_data_first = cp->ppm_data;
 			cp->ppm_len = N_ppm;
 		} else {			/* NON-first PPM marker */
author	Antonin Descampe <antonin@gmail.com>	2015-09-16 16:51:15 +0200
committer	Antonin Descampe <antonin@gmail.com>	2015-09-16 16:51:15 +0200
commit	e755ebd1b004648dfb5c3e17e1223e12f3a87ad7 (patch)
tree	1afa40f591234009b1548ea047535f7ce8482ffb /libopenjpeg
parent	f35aaa8a82e6f14c85e8275a4748572bc27b1997 (diff)