Merge pull request #1301 from rouault/fix_1299

opj_j2k_write_sod(): avoid potential heap buffer overflow (fixes #1299) (probably master only)
author: Even Rouault <even.rouault@spatialys.com> 2020-12-02 23:56:57 +0100
committer: GitHub <noreply@github.com> 2020-12-02 23:56:57 +0100
commit: aaff099b49365cfecfc475ada48b9244c6eefc9c (patch)
tree: 803b6adc61d3507a782bf44d704ec46f5edc7581 /src
parent: fb9eae5d637d06209a6cb9ca57960ac72179ee14 (diff)
parent: 73fdf28342e4594019af26eb6a347a34eceb6296 (diff)
1 files changed, 7 insertions, 2 deletions
diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
index 78d45925..8e343ab2 100644
--- a/src/lib/openjp2/j2k.c
+++ b/src/lib/openjp2/j2k.c
@@ -4806,8 +4806,13 @@ static OPJ_BOOL opj_j2k_write_sod(opj_j2k_t *p_j2k,
         }
     }
 
-    assert(l_remaining_data >
-           p_j2k->m_specific_param.m_encoder.m_reserved_bytes_for_PLT);
+    if (l_remaining_data <
+            p_j2k->m_specific_param.m_encoder.m_reserved_bytes_for_PLT) {
+        opj_event_msg(p_manager, EVT_ERROR,
+                      "Not enough bytes in output buffer to write SOD marker\n");
+        opj_tcd_marker_info_destroy(marker_info);
+        return OPJ_FALSE;
+    }
     l_remaining_data -= p_j2k->m_specific_param.m_encoder.m_reserved_bytes_for_PLT;
 
     if (! opj_tcd_encode_tile(p_tile_coder, p_j2k->m_current_tile_number,
author	Even Rouault <even.rouault@spatialys.com>	2020-12-02 23:56:57 +0100
committer	GitHub <noreply@github.com>	2020-12-02 23:56:57 +0100
commit	aaff099b49365cfecfc475ada48b9244c6eefc9c (patch)
tree	803b6adc61d3507a782bf44d704ec46f5edc7581 /src
parent	fb9eae5d637d06209a6cb9ca57960ac72179ee14 (diff)
parent	73fdf28342e4594019af26eb6a347a34eceb6296 (diff)