Fix Out-of-Bounds Access in function opj_tgt_reset

Fix uclouvain/openjpeg#775
author: mayeut <mayeut@users.noreply.github.com> 2016-05-08 20:10:13 +0200
committer: mayeut <mayeut@users.noreply.github.com> 2016-05-08 20:10:13 +0200
commit: 1a8318f6c24623189ecb65e049267c6f2e005c0e (patch)
tree: 30530d8c21e43d7bc8117562bbdffbe4d4e670a6 /src/lib/openjp2/j2k.c
parent: 162f6199c0cd3ec1c6c6dc65e41b2faab92b2d91 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
index 8086b004..9eaa155e 100644
--- a/src/lib/openjp2/j2k.c
+++ b/src/lib/openjp2/j2k.c
@@ -8889,6 +8889,10 @@ static OPJ_BOOL opj_j2k_read_SPCod_SPCoc(  opj_j2k_t *p_j2k,
 
         opj_read_bytes(l_current_ptr,&l_tccp->cblksty ,1);              /* SPcoc (G) */
         ++l_current_ptr;
+        if (l_tccp->cblksty & 0xC0U) { /* 2 msb are reserved, assume we can't read */
+                opj_event_msg(p_manager, EVT_ERROR, "Error reading SPCod SPCoc element, Invalid code-block style found\n");
+                return OPJ_FALSE;
+        }
 
         opj_read_bytes(l_current_ptr,&l_tccp->qmfbid ,1);               /* SPcoc (H) */
         ++l_current_ptr;
author	mayeut <mayeut@users.noreply.github.com>	2016-05-08 20:10:13 +0200
committer	mayeut <mayeut@users.noreply.github.com>	2016-05-08 20:10:13 +0200
commit	1a8318f6c24623189ecb65e049267c6f2e005c0e (patch)
tree	30530d8c21e43d7bc8117562bbdffbe4d4e670a6 /src/lib/openjp2/j2k.c
parent	162f6199c0cd3ec1c6c6dc65e41b2faab92b2d91 (diff)