Fix null pointer dereference on partial tile decoding when they are empty. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3297 (master only)

author: Even Rouault <even.rouault@spatialys.com> 2017-09-06 15:59:19 +0200
committer: Even Rouault <even.rouault@spatialys.com> 2017-09-06 15:59:19 +0200
commit: 003759a4829f3f1baa5a2292956618fecf314818 (patch)
tree: 3be6726cc897d0f1a0a2b493b07170c253fdeb19 /src/lib
parent: e656822f927c869f31f2685c67644eacb75fc5d2 (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/src/lib/openjp2/dwt.c b/src/lib/openjp2/dwt.c
index 18270045..c574357a 100644
--- a/src/lib/openjp2/dwt.c
+++ b/src/lib/openjp2/dwt.c
@@ -1931,7 +1931,14 @@ static OPJ_BOOL opj_dwt_decode_partial_tile(
     OPJ_UINT32 win_tcx1 = tilec->win_x1;
     OPJ_UINT32 win_tcy1 = tilec->win_y1;
 
+    if (tr_max->x0 == tr_max->x1 || tr_max->y0 == tr_max->y1) {
+        return OPJ_TRUE;
+    }
+
     sa = opj_dwt_init_sparse_array(tilec, numres);
+    if (sa == NULL) {
+        return OPJ_FALSE;
+    }
 
     if (numres == 1U) {
         OPJ_BOOL ret = opj_sparse_array_int32_read(sa,
@@ -2641,7 +2648,14 @@ OPJ_BOOL opj_dwt_decode_partial_97(opj_tcd_tilecomp_t* OPJ_RESTRICT tilec,
     OPJ_UINT32 win_tcx1 = tilec->win_x1;
     OPJ_UINT32 win_tcy1 = tilec->win_y1;
 
+    if (tr_max->x0 == tr_max->x1 || tr_max->y0 == tr_max->y1) {
+        return OPJ_TRUE;
+    }
+
     sa = opj_dwt_init_sparse_array(tilec, numres);
+    if (sa == NULL) {
+        return OPJ_FALSE;
+    }
 
     if (numres == 1U) {
         OPJ_BOOL ret = opj_sparse_array_int32_read(sa,
author	Even Rouault <even.rouault@spatialys.com>	2017-09-06 15:59:19 +0200
committer	Even Rouault <even.rouault@spatialys.com>	2017-09-06 15:59:19 +0200
commit	003759a4829f3f1baa5a2292956618fecf314818 (patch)
tree	3be6726cc897d0f1a0a2b493b07170c253fdeb19 /src/lib
parent	e656822f927c869f31f2685c67644eacb75fc5d2 (diff)