authorHugo Lefeuvre <hle@debian.org>2018-11-07 18:48:29 +0100
committerHugo Lefeuvre <hle@debian.org>2018-11-07 18:53:18 +0100
commitcab352e249ed3372dd9355c85e837613fff98fa2 (patch)
tree0d5807963a49883d70baf32832ad0789a54c7e53 /src
parent0bc90e4062a5f9258c91eca018c019b179066c62 (diff)
jp2: convert: fix null pointer dereference
Tile components in a JP2 image might have a null data pointer by defining a zero component size (for example using large horizontal or vertical sampling periods). This null data pointer leads to a null image component data pointer, causing a crash when it is dereferenced without a != null check in imagetopnm. Add a != null check. This commit addresses #1152 (CVE-2018-18088).
Diffstat (limited to 'src')
-rw-r--r--src/bin/jp2/convert.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c
index fa02e31c..e670cd82 100644
--- a/src/bin/jp2/convert.c
+++ b/src/bin/jp2/convert.c
@@ -2233,6 +2233,11 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split)
opj_version(), wr, hr, max);
red = image->comps[compno].data;
+ if (!red) {
+ fclose(fdest);
+ continue;
+ }
+
adjustR =
(image->comps[compno].sgnd ? 1 << (image->comps[compno].prec - 1) : 0);
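Review bot: The new `if (!red)` branch skips the component silently, and it sits after the call that ends in `opj_version(), wr, hr, max);`, which looks like the PNM header write. A component with no data therefore probably leaves a header-only file on disk with nothing reported to the user. I would add a diagnostic before the close, for example `fprintf(stderr, "imagetopnm: component %d has no data, skipping\n", compno);`, and consider moving the null check ahead of the point where `fdest` is opened so that no truncated output is created. The enclosing loop and the rest of imagetopnm lie outside the hunk, so it is not visible here whether the return value reflects the skipped component or whether other reads of `comps[...].data` in the function carry the same guard.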