summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/openjp2/j2k.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
index 21befaa8..76efb018 100644
--- a/src/lib/openjp2/j2k.c
+++ b/src/lib/openjp2/j2k.c
@@ -4378,6 +4378,16 @@ static OPJ_BOOL opj_j2k_read_sot(opj_j2k_t *p_j2k,
p_j2k->m_specific_param.m_decoder.m_last_tile_part = 1;
}
+ if (l_tcp->m_nb_tile_parts != 0 && l_current_part >= l_tcp->m_nb_tile_parts) {
+ /* Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2851 */
+ opj_event_msg(p_manager, EVT_ERROR,
+ "In SOT marker, TPSot (%d) is not valid regards to the previous "
+ "number of tile-part (%d), giving up\n", l_current_part,
+ l_tcp->m_nb_tile_parts);
+ p_j2k->m_specific_param.m_decoder.m_last_tile_part = 1;
+ return OPJ_FALSE;
+ }
+
if (l_num_parts !=
0) { /* Number of tile-part header is provided by this tile-part header */
l_num_parts += p_j2k->m_specific_param.m_decoder.m_nb_tile_parts_correction;
generated by cgit v1.2.3 (git 2.46.0) at 2026-04-10 15:18:35 +0000