| author | Mathieu Malaterre <mathieu.malaterre@gmail.com> | 2012-09-12 17:11:17 +0000 |
|---|---|---|
| committer | Mathieu Malaterre <mathieu.malaterre@gmail.com> | 2012-09-12 17:11:17 +0000 |
| commit | 02734264a197d232319df2a51b85a39492e3c0c0 (patch) | |
| tree | 295353b4a7a2ddf9ed5bb9e24dc8c0e7b6760ef6 /libopenjpeg | |
| parent | 4a845f3d04ecd072177925044885f730ad4a9c31 (diff) | |
[trunk] Fix possible code execution vuln
Thanks to Huzaifa Sidhpurwala of Red Hat Security Response Team for patch + dataset to reproduce issue.
Technically kdu_expand works fine on the image...
Fixes issue 175
Diffstat (limited to 'libopenjpeg')
| -rw-r--r-- | libopenjpeg/j2k.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/libopenjpeg/j2k.c b/libopenjpeg/j2k.c index de70be75..c76bcba5 100644 --- a/libopenjpeg/j2k.c +++ b/libopenjpeg/j2k.c @@ -7052,6 +7052,11 @@ opj_bool opj_j2k_read_tile_header( opj_j2k_v2_t * p_j2k, return OPJ_FALSE; } + if (!l_marker_handler->handler) { + /* See issue #175 */ + opj_event_msg_v2(p_manager, EVT_ERROR, "Not sure how that happened.\n"); + return OPJ_FALSE; + } /* Read the marker segment with the correct marker handler */ if (! (*(l_marker_handler->handler))(p_j2k,p_j2k->m_specific_param.m_decoder.m_header_data,l_marker_size,p_manager)) { opj_event_msg_v2(p_manager, EVT_ERROR, "Fail to read the current marker segment (%#x)\n", l_current_marker); |
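Review bot: The error text in the new `if (!l_marker_handler->handler)` branch, "Not sure how that happened.\n", tells whoever triages a rejected file nothing about which marker had no handler. The failure message right after it already prints `l_current_marker` with `%#x`; do the same here, for example "No handler registered for marker (%#x)\n", so a malformed codestream can be diagnosed from the log alone. The `/* See issue #175 */` comment should also state the condition being guarded, namely that the looked-up marker entry can carry a NULL `handler` which the following line would otherwise call through, rather than only pointing at the tracker.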
