opj_tcd_get_decoded_tile_size(): fix potential UINT32 overflow (#854, CVE-2016-5152)

Fix derived from https://pdfium.googlesource.com/pdfium.git/+/d8cc503575463ff3d81b22dad292665f2c88911e/third_party/libopenjpeg20/0018-tcd_get_decoded_tile_size.patch
author: Even Rouault <even.rouault@spatialys.com> 2017-07-29 18:38:16 +0200
committer: Even Rouault <even.rouault@spatialys.com> 2017-07-29 18:38:16 +0200
commit: 3fbe71369019df0b47c7a2be4fab8c05768f2f32 (patch)
tree: e7717bc4b6b2d15cdb776d3f3c540922bd208cc0 /src/lib/openjp2/j2k.c
parent: 5a3e7aaf339943bc988adbada39a1fc8f5046899 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
index 3d90de1e..3a8f08ea 100644
--- a/src/lib/openjp2/j2k.c
+++ b/src/lib/openjp2/j2k.c
@@ -8655,6 +8655,9 @@ OPJ_BOOL opj_j2k_read_tile_header(opj_j2k_t * p_j2k,
     *p_tile_index = p_j2k->m_current_tile_number;
     *p_go_on = OPJ_TRUE;
     *p_data_size = opj_tcd_get_decoded_tile_size(p_j2k->m_tcd);
+    if (*p_data_size == UINT_MAX) {
+        return OPJ_FALSE;
+    }
     *p_tile_x0 = p_j2k->m_tcd->tcd_image->tiles->x0;
     *p_tile_y0 = p_j2k->m_tcd->tcd_image->tiles->y0;
     *p_tile_x1 = p_j2k->m_tcd->tcd_image->tiles->x1;
author	Even Rouault <even.rouault@spatialys.com>	2017-07-29 18:38:16 +0200
committer	Even Rouault <even.rouault@spatialys.com>	2017-07-29 18:38:16 +0200
commit	3fbe71369019df0b47c7a2be4fab8c05768f2f32 (patch)
tree	e7717bc4b6b2d15cdb776d3f3c540922bd208cc0 /src/lib/openjp2/j2k.c
parent	5a3e7aaf339943bc988adbada39a1fc8f5046899 (diff)