diff options
| author | Mathieu Malaterre <mathieu.malaterre@gmail.com> | 2014-02-25 13:50:29 +0000 |
|---|---|---|
| committer | Mathieu Malaterre <mathieu.malaterre@gmail.com> | 2014-02-25 13:50:29 +0000 |
| commit | 7ce3f3c1a636439a6f0dc5fffc58f7f69f9febd4 (patch) | |
| tree | 4e215f0b04f174fab25ae87a53a8c0044a6b9d83 /src/lib | |
| parent | a466755bbb02b6e02f4d1e34f5c2f32df7b71d75 (diff) | |
[trunk] Import commit 4cee6ceab21025079f439bb152fb9d8ae8c5c832 from ghostpdl
Bug 694906: fix potential heap overflow in opj_t2_read_packet_header
Update issue 225
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/openjp2/t2.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/lib/openjp2/t2.c b/src/lib/openjp2/t2.c index 7c1eb704..17d5b22c 100644 --- a/src/lib/openjp2/t2.c +++ b/src/lib/openjp2/t2.c @@ -885,7 +885,9 @@ OPJ_BOOL opj_t2_read_packet_header( opj_t2_t* p_t2, /* EPH markers */ if (p_tcp->csty & J2K_CP_CSTY_EPH) { - if ((*l_header_data) != 0xff || (*(l_header_data + 1) != 0x92)) { + if (p_max_length < 2) { + fprintf(stderr, "Not enough space for expected EPH marker\n"); + } else if ((*l_header_data) != 0xff || (*(l_header_data + 1) != 0x92)) { printf("Error : expected EPH marker\n"); } else { l_header_data += 2; @@ -1014,7 +1016,9 @@ OPJ_BOOL opj_t2_read_packet_header( opj_t2_t* p_t2, /* EPH markers */ if (p_tcp->csty & J2K_CP_CSTY_EPH) { - if ((*l_header_data) != 0xff || (*(l_header_data + 1) != 0x92)) { + if (p_max_length < 2) { + fprintf(stderr, "Not enough space for expected EPH marker\n"); + } else if ((*l_header_data) != 0xff || (*(l_header_data + 1) != 0x92)) { /* TODO opj_event_msg(t2->cinfo->event_mgr, EVT_ERROR, "Expected EPH marker\n"); */ } else { l_header_data += 2; |