[trunk] prevent overflow in j2k.c

Update issue 392 Issue left open to solve problem on x64-Asan and to investigate Matthieu's suggestion
author: Antonin Descampe <antonin@gmail.com> 2014-10-30 11:53:06 +0000
committer: Antonin Descampe <antonin@gmail.com> 2014-10-30 11:53:06 +0000
commit: 7f8f284ee5ee05200f62266dfff0284551407a83 (patch)
tree: 0784591657fd2a252fe9c22ccd89f73d6da11076 /src
parent: 09fb8b6989b4b278084f0da40aed00111d2af081 (diff)
1 files changed, 19 insertions, 0 deletions
diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
index 66db53b4..f30b3a36 100644
--- a/src/lib/openjp2/j2k.c
+++ b/src/lib/openjp2/j2k.c
@@ -3684,6 +3684,15 @@ OPJ_BOOL j2k_read_ppm_v3 (
                         OPJ_BYTE *new_ppm_data;
                         /* Increase the size of ppm_data to add the new Ippm series*/
                         assert(l_cp->ppm_data == l_cp->ppm_buffer && "We need ppm_data and ppm_buffer to be the same when reallocating");
+                        /* Overflow check */
+                        if ((l_cp->ppm_len + l_N_ppm) < l_N_ppm) {
+                                opj_free(l_cp->ppm_data);
+                                l_cp->ppm_data = NULL;
+                                l_cp->ppm_buffer = NULL;  /* TODO: no need for a new local variable: ppm_buffer and ppm_data are enough */
+                                l_cp->ppm_len = 0;
+                                opj_event_msg(p_manager, EVT_ERROR, "Not enough memory to increase the size of ppm_data to add the new (complete) Ippm series\n");
+                                return OPJ_FALSE;
+                        }
                         new_ppm_data = (OPJ_BYTE *) opj_realloc(l_cp->ppm_data, l_cp->ppm_len + l_N_ppm);
                         if (! new_ppm_data) {
                                 opj_free(l_cp->ppm_data);
@@ -3707,6 +3716,16 @@ OPJ_BOOL j2k_read_ppm_v3 (
         if (l_remaining_data) {
                 OPJ_BYTE *new_ppm_data;
                 assert(l_cp->ppm_data == l_cp->ppm_buffer && "We need ppm_data and ppm_buffer to be the same when reallocating");
+
+                /* Overflow check */
+                if ((l_cp->ppm_len + l_N_ppm) < l_N_ppm) {
+                        opj_free(l_cp->ppm_data);
+                        l_cp->ppm_data = NULL;
+                        l_cp->ppm_buffer = NULL;  /* TODO: no need for a new local variable: ppm_buffer and ppm_data are enough */
+                        l_cp->ppm_len = 0;
+                        opj_event_msg(p_manager, EVT_ERROR, "Not enough memory to increase the size of ppm_data to add the new (complete) Ippm series\n");
+                        return OPJ_FALSE;
+                }
                 new_ppm_data = (OPJ_BYTE *) opj_realloc(l_cp->ppm_data, l_cp->ppm_len + l_N_ppm);
                 if (! new_ppm_data) {
                         opj_free(l_cp->ppm_data);
author	Antonin Descampe <antonin@gmail.com>	2014-10-30 11:53:06 +0000
committer	Antonin Descampe <antonin@gmail.com>	2014-10-30 11:53:06 +0000
commit	7f8f284ee5ee05200f62266dfff0284551407a83 (patch)
tree	0784591657fd2a252fe9c22ccd89f73d6da11076 /src
parent	09fb8b6989b4b278084f0da40aed00111d2af081 (diff)