diff options
| author | headshog <124502670+headshog@users.noreply.github.com> | 2024-05-31 19:19:38 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-05-31 18:19:38 +0200 |
| commit | 2c0823cb30a70319c704565b59f496e490a3c7f9 (patch) | |
| tree | bd9703bd0cf28b4703139aeef1ec242aa37f8f25 /src | |
| parent | 1f979c554ce1ac8df0e6cb08a032687afbcf528b (diff) | |
Fix Integer Overflow at j2k.c:9614 (#1530)
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/openjp2/j2k.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c index c0551870..68998abc 100644 --- a/src/lib/openjp2/j2k.c +++ b/src/lib/openjp2/j2k.c @@ -9611,6 +9611,11 @@ OPJ_BOOL opj_j2k_read_tile_header(opj_j2k_t * p_j2k, /* Why this condition? FIXME */ if (p_j2k->m_specific_param.m_decoder.m_state & J2K_STATE_TPH) { + if (p_j2k->m_specific_param.m_decoder.m_sot_length < l_marker_size + 2) { + opj_event_msg(p_manager, EVT_ERROR, + "Sot length is less than marker size + marker ID\n"); + return OPJ_FALSE; + } p_j2k->m_specific_param.m_decoder.m_sot_length -= (l_marker_size + 2); } l_marker_size -= 2; /* Subtract the size of the marker ID already read */ |