color_cielab_to_rgb(): reject images with components of different dimensions to void read heap buffer overflow (#909)

1 files changed, 18 insertions, 0 deletions

diff --git a/src/bin/common/color.c b/src/bin/common/color.c
index 6c74bf31..8bb96043 100644
--- a/src/bin/common/color.c
+++ b/src/bin/common/color.c
@@ -781,6 +781,18 @@ fails3:
     }
 }/* color_apply_icc_profile() */
 
+static int are_comps_same_dimensions(opj_image_t * image)
+{
+    unsigned int i;
+    for (i = 1; i < image->numcomps; i++) {
+        if (image->comps[0].dx != image->comps[i].dx ||
+                image->comps[0].dy != image->comps[i].dy) {
+            return OPJ_FALSE;
+        }
+    }
+    return OPJ_TRUE;
+}
+
 void color_cielab_to_rgb(opj_image_t *image)
 {
     int *row;
@@ -794,6 +806,12 @@ void color_cielab_to_rgb(opj_image_t *image)
                 __FILE__, __LINE__, numcomps);
         return;
     }
+    if (!are_comps_same_dimensions(image)) {
+        fprintf(stderr,
+                "%s:%d:\n\tcomponents are not all of the same dimension. Quitting.\n",
+                __FILE__, __LINE__);
+        return;
+    }
 
     row = (int*)image->icc_profile_buf;
     enumcs = row[0];