[trunk] prevent overflow in opj_t2_read_packet_header (update issue 389)

author: Antonin Descampe <antonin@gmail.com> 2014-09-30 09:26:44 +0000
committer: Antonin Descampe <antonin@gmail.com> 2014-09-30 09:26:44 +0000
commit: 2f3fd1194e79a94210b51c865847b50290239885 (patch)
tree: e5d00016b7f8c563e2d8924c5a7a4f174996c0f5 /src
parent: f08af3ed827471cb6ceb369b755a6fc4f9619df4 (diff)
1 files changed, 5 insertions, 5 deletions
diff --git a/src/lib/openjp2/t2.c b/src/lib/openjp2/t2.c
index 1bcb52ca..efba2309 100644
--- a/src/lib/openjp2/t2.c
+++ b/src/lib/openjp2/t2.c
@@ -866,11 +866,10 @@ OPJ_BOOL opj_t2_read_packet_header( opj_t2_t* p_t2,
         if (p_tcp->csty & J2K_CP_CSTY_SOP) {
                 if (p_max_length < 6) {
                         /* TODO opj_event_msg(p_t2->cinfo->event_mgr, EVT_WARNING, "Not enough space for expected SOP marker\n"); */
-                        printf("Not enough space for expected SOP marker\n");
+                        fprintf(stderr, "Not enough space for expected SOP marker\n");
                 } else if ((*l_current_data) != 0xff || (*(l_current_data + 1) != 0x91)) {
                         /* TODO opj_event_msg(p_t2->cinfo->event_mgr, EVT_WARNING, "Expected SOP marker\n"); */
-                        printf("Expected SOP marker\n");
-                        fprintf(stderr, "Error : expected SOP marker\n");
+                        fprintf(stderr, "Warning: expected SOP marker\n");
                 } else {
                         l_current_data += 6;
                 }
@@ -920,7 +919,7 @@ OPJ_BOOL opj_t2_read_packet_header( opj_t2_t* p_t2,
 
                 /* EPH markers */
                 if (p_tcp->csty & J2K_CP_CSTY_EPH) {
-                        if (p_max_length < 2) {
+                        if ((*l_modified_length_ptr - (OPJ_UINT32)(l_header_data - *l_header_data_start)) < 2U) {
                                 fprintf(stderr, "Not enough space for expected EPH marker\n");
                         } else if ((*l_header_data) != 0xff || (*(l_header_data + 1) != 0x92)) {
                                 fprintf(stderr, "Error : expected EPH marker\n");
@@ -1048,7 +1047,7 @@ OPJ_BOOL opj_t2_read_packet_header( opj_t2_t* p_t2,
 
         /* EPH markers */
         if (p_tcp->csty & J2K_CP_CSTY_EPH) {
-                if (p_max_length < 2) {
+                if ((*l_modified_length_ptr - (OPJ_UINT32)(l_header_data - *l_header_data_start)) < 2U) {
                         fprintf(stderr, "Not enough space for expected EPH marker\n");
                 } else if ((*l_header_data) != 0xff || (*(l_header_data + 1) != 0x92)) {
                         /* TODO opj_event_msg(t2->cinfo->event_mgr, EVT_ERROR, "Expected EPH marker\n"); */
@@ -1202,6 +1201,7 @@ OPJ_BOOL opj_t2_read_packet_data(   opj_t2_t* p_t2,
 
         *(p_data_read) = (OPJ_UINT32)(l_current_data - p_src_data);
 
+
         return OPJ_TRUE;
 }
author	Antonin Descampe <antonin@gmail.com>	2014-09-30 09:26:44 +0000
committer	Antonin Descampe <antonin@gmail.com>	2014-09-30 09:26:44 +0000
commit	2f3fd1194e79a94210b51c865847b50290239885 (patch)
tree	e5d00016b7f8c563e2d8924c5a7a4f174996c0f5 /src
parent	f08af3ed827471cb6ceb369b755a6fc4f9619df4 (diff)