[trunk] Fixed a crash on 0xh or wx0 image size decoding

Update issue 427
author: Matthieu Darbois <mayeut@users.noreply.github.com> 2014-12-18 22:19:52 +0000
committer: Matthieu Darbois <mayeut@users.noreply.github.com> 2014-12-18 22:19:52 +0000
commit: c0cb119c0e6a18b6a9ac2ee4305acfb71b06a63c (patch)
tree: 71ecd4a1ee10f034fef18ab093d4b810c8f47893 /src
parent: 9a21e1eef06672b8a546430e9cb578c56d7858cf (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
index ff00d7c4..656bf6de 100644
--- a/src/lib/openjp2/j2k.c
+++ b/src/lib/openjp2/j2k.c
@@ -1981,8 +1981,9 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k,
         }
 
         /* testcase 4035.pdf.SIGSEGV.d8b.3375 */
-        if (l_image->x0 > l_image->x1 || l_image->y0 > l_image->y1) {
-                opj_event_msg(p_manager, EVT_ERROR, "Error with SIZ marker: negative image size (%d x %d)\n", l_image->x1 - l_image->x0, l_image->y1 - l_image->y0);
+        /* testcase issue427-null-image-size.jp2 */
+        if ((l_image->x0 >= l_image->x1) || (l_image->y0 >= l_image->y1)) {
+                opj_event_msg(p_manager, EVT_ERROR, "Error with SIZ marker: negative or zero image size (%d x %d)\n", l_image->x1 - l_image->x0, l_image->y1 - l_image->y0);
                 return OPJ_FALSE;
         }
         /* testcase 2539.pdf.SIGFPE.706.1712 (also 3622.pdf.SIGFPE.706.2916 and 4008.pdf.SIGFPE.706.3345 and maybe more) */
author	Matthieu Darbois <mayeut@users.noreply.github.com>	2014-12-18 22:19:52 +0000
committer	Matthieu Darbois <mayeut@users.noreply.github.com>	2014-12-18 22:19:52 +0000
commit	c0cb119c0e6a18b6a9ac2ee4305acfb71b06a63c (patch)
tree	71ecd4a1ee10f034fef18ab093d4b810c8f47893 /src
parent	9a21e1eef06672b8a546430e9cb578c56d7858cf (diff)