authorEven Rouault <even.rouault@spatialys.com>2017-07-29 16:34:35 +0200
committerEven Rouault <even.rouault@spatialys.com>2017-07-29 16:34:35 +0200
commitdb9ef99f6dd054a84fa8382c02869fb0656abfc8 (patch)
treebfc86319a122d30fdddcd9acac52ed9dffe0dfcf /src
parentf6551f822fe020843299bd807ec6989abd070b2c (diff)
opj_t1_decode_cblk(): avoid undefined shift behaviour. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2487. Credit to OSS Fuzz
Diffstat (limited to 'src')
-rw-r--r--src/lib/openjp2/t1.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/src/lib/openjp2/t1.c b/src/lib/openjp2/t1.c
index 3615a0e6..9ab7af30 100644
--- a/src/lib/openjp2/t1.c
+++ b/src/lib/openjp2/t1.c
@@ -1822,6 +1822,18 @@ static OPJ_BOOL opj_t1_decode_cblk(opj_t1_t *t1,
}
bpno_plus_one = (OPJ_INT32)(roishift + cblk->numbps);
+ if (bpno_plus_one >= 31) {
+ if (p_manager_mutex) {
+ opj_mutex_lock(p_manager_mutex);
+ }
+ opj_event_msg(p_manager, EVT_WARNING,
+ "opj_t1_decode_cblk(): unsupported bpno_plus_one = %d >= 31\n",
+ bpno_plus_one);
+ if (p_manager_mutex) {
+ opj_mutex_unlock(p_manager_mutex);
+ }
+ return OPJ_FALSE;
+ }
passtype = 2;
opj_mqc_resetstates(mqc);