diff options
| author | Even Rouault <even.rouault@spatialys.com> | 2017-09-20 00:43:54 +0200 |
|---|---|---|
| committer | Even Rouault <even.rouault@spatialys.com> | 2017-09-20 00:43:54 +0200 |
| commit | 9cba05762ded66b803df94b00adbd5a97727da95 (patch) | |
| tree | f6de655e96025a13ed0c9c5b3930a05885397359 /src/lib | |
| parent | 8df07d5866c9e3517bf04a7abee4a07a04735df4 (diff) | |
Avoid index-out-of-bounds access when invoking opj_compress with -n 11 or higher. But not a proper fix itself (refs #493)
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/openjp2/dwt.c | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/src/lib/openjp2/dwt.c b/src/lib/openjp2/dwt.c index c574357a..5b98d2b3 100644 --- a/src/lib/openjp2/dwt.c +++ b/src/lib/openjp2/dwt.c @@ -216,6 +216,8 @@ static void opj_v4dwt_decode_step2(opj_v4_t* l, opj_v4_t* w, /* <summary> */ /* This table contains the norms of the 5-3 wavelets for different bands. */ /* </summary> */ +/* FIXME! the array should really be extended up to 33 resolution levels */ +/* See https://github.com/uclouvain/openjpeg/issues/493 */ static const OPJ_FLOAT64 opj_dwt_norms[4][10] = { {1.000, 1.500, 2.750, 5.375, 10.68, 21.34, 42.67, 85.33, 170.7, 341.3}, {1.038, 1.592, 2.919, 5.703, 11.33, 22.64, 45.25, 90.48, 180.9}, @@ -226,6 +228,8 @@ static const OPJ_FLOAT64 opj_dwt_norms[4][10] = { /* <summary> */ /* This table contains the norms of the 9-7 wavelets for different bands. */ /* </summary> */ +/* FIXME! the array should really be extended up to 33 resolution levels */ +/* See https://github.com/uclouvain/openjpeg/issues/493 */ static const OPJ_FLOAT64 opj_dwt_norms_real[4][10] = { {1.000, 1.965, 4.177, 8.403, 16.90, 33.84, 67.69, 135.3, 270.6, 540.9}, {2.022, 3.989, 8.355, 17.04, 34.27, 68.63, 137.3, 274.6, 549.0}, @@ -1229,6 +1233,14 @@ OPJ_UINT32 opj_dwt_getgain(OPJ_UINT32 orient) /* </summary> */ OPJ_FLOAT64 opj_dwt_getnorm(OPJ_UINT32 level, OPJ_UINT32 orient) { + /* FIXME ! This is just a band-aid to avoid a buffer overflow */ + /* but the array should really be extended up to 33 resolution levels */ + /* See https://github.com/uclouvain/openjpeg/issues/493 */ + if (orient == 0 && level >= 10) { + level = 9; + } else if (orient > 0 && level >= 9) { + level = 8; + } return opj_dwt_norms[orient][level]; } @@ -1254,6 +1266,14 @@ OPJ_UINT32 opj_dwt_getgain_real(OPJ_UINT32 orient) /* </summary> */ OPJ_FLOAT64 opj_dwt_getnorm_real(OPJ_UINT32 level, OPJ_UINT32 orient) { + /* FIXME ! This is just a band-aid to avoid a buffer overflow */ + /* but the array should really be extended up to 33 resolution levels */ + /* See https://github.com/uclouvain/openjpeg/issues/493 */ + if (orient == 0 && level >= 10) { + level = 9; + } else if (orient > 0 && level >= 9) { + level = 8; + } return opj_dwt_norms_real[orient][level]; } |