diff options
| author | Mathieu Malaterre <mathieu.malaterre@gmail.com> | 2014-03-18 14:43:47 +0000 |
|---|---|---|
| committer | Mathieu Malaterre <mathieu.malaterre@gmail.com> | 2014-03-18 14:43:47 +0000 |
| commit | 6d9e8a5a637b7d61d5cf060b735551cf9a624cc0 (patch) | |
| tree | 43eedaf3f95d5a47f5fa2fa46b8a2cb08dc601cf /src | |
| parent | 008de865337989c00879e32f23c8259c1be31d00 (diff) | |
[trunk] Import git commit fc884aee2b69c78500e65c3d05bf216791a9ea4a from ghostscript team
Fixes issue 296
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/openjp2/t2.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/lib/openjp2/t2.c b/src/lib/openjp2/t2.c index 253d14f8..f78d348e 100644 --- a/src/lib/openjp2/t2.c +++ b/src/lib/openjp2/t2.c @@ -985,6 +985,11 @@ OPJ_BOOL opj_t2_read_packet_header( opj_t2_t* p_t2, l_cblk->numnewpasses = opj_t2_getnumpasses(l_bio); l_increment = opj_t2_getcommacode(l_bio); + /* testcase 1802.pdf.SIGSEGV.36e.894 */ + if (l_cblk->segs[l_segno].newlen > *l_modified_length_ptr) { + opj_bio_destroy(l_bio); + return OPJ_FALSE; + } /* length indicator increment */ l_cblk->numlenbits += l_increment; l_segno = 0; @@ -1153,6 +1158,7 @@ OPJ_BOOL opj_t2_read_packet_data( opj_t2_t* p_t2, OPJ_BYTE* new_cblk_data = (OPJ_BYTE*) opj_realloc(l_cblk->data, l_cblk->data_current_size + l_seg->newlen); if(! new_cblk_data) { opj_free(l_cblk->data); + l_cblk->data = NULL; l_cblk->data_max_size = 0; /* opj_event_msg(p_manager, EVT_ERROR, "Not enough memory to realloc code block cata!\n"); */ return OPJ_FALSE; |