summaryrefslogtreecommitdiff
path: root/src/lib
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/openjp2/t2.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/src/lib/openjp2/t2.c b/src/lib/openjp2/t2.c
index 0982d6b5..2271ea6b 100644
--- a/src/lib/openjp2/t2.c
+++ b/src/lib/openjp2/t2.c
@@ -983,6 +983,11 @@ OPJ_BOOL opj_t2_read_packet_header( opj_t2_t* p_t2,
do {
l_cblk->segs[l_segno].numnewpasses = opj_int_min(l_cblk->segs[l_segno].maxpasses - l_cblk->segs[l_segno].numpasses, n);
l_cblk->segs[l_segno].newlen = opj_bio_read(l_bio, l_cblk->numlenbits + opj_uint_floorlog2(l_cblk->segs[l_segno].numnewpasses));
+ /* testcase 1802.pdf.SIGSEGV.36e.894 */
+ if (l_cblk->segs[l_segno].newlen > *l_modified_length_ptr) {
+ opj_bio_destroy(l_bio);
+ return OPJ_FALSE;
+ }
n -= l_cblk->segs[l_segno].numnewpasses;
if (n > 0) {
generated by cgit v1.2.3 (git 2.46.0) at 2026-04-17 19:42:59 +0000