From 832dfd18665da08745748bde2d2563f00c7cd9e7 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Wed, 20 Jun 2018 14:38:41 +0200
Subject: Revert "Avoid assertion in opj_j2k_merge_ppt() in case premature EOC
 is encountered in opj_j2k_read_tile_header(). Fixes
 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2785. Credit to OSS
 Fuzz" (fixes #1120)

This reverts commit 9906fbf737692486cebabe98169988d818e2e66a.
which broke decoding of images where TNsot == 0
---
 src/lib/openjp2/j2k.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
index 6e9cf8ce..5109931f 100644
--- a/src/lib/openjp2/j2k.c
+++ b/src/lib/openjp2/j2k.c
@@ -8845,7 +8845,10 @@ OPJ_BOOL opj_j2k_read_tile_header(opj_j2k_t * p_j2k,
 
     /* Current marker is the EOC marker ?*/
     if (l_current_marker == J2K_MS_EOC) {
-        p_j2k->m_specific_param.m_decoder.m_state = J2K_STATE_EOC;
+        if (p_j2k->m_specific_param.m_decoder.m_state != J2K_STATE_EOC) {
+            p_j2k->m_current_tile_number = 0;
+            p_j2k->m_specific_param.m_decoder.m_state = J2K_STATE_EOC;
+        }
     }
 
     /* FIXME DOC ???*/
-- 
cgit v1.2.3


From 0c913b0aba409148b51ca43d45c50ae595449723 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Wed, 20 Jun 2018 14:54:09 +0200
Subject: Avoid assertion when running opj_j2k_merge_ppt() several time due to
 e6674f7ed66abdb32a0be5944f618722b6a7b5d5 revert. Fixes
 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2785

---
 src/lib/openjp2/j2k.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
index 5109931f..28c7513f 100644
--- a/src/lib/openjp2/j2k.c
+++ b/src/lib/openjp2/j2k.c
@@ -4094,7 +4094,12 @@ static OPJ_BOOL opj_j2k_merge_ppt(opj_tcp_t *p_tcp, opj_event_mgr_t * p_manager)
     /* preconditions */
     assert(p_tcp != 00);
     assert(p_manager != 00);
-    assert(p_tcp->ppt_buffer == NULL);
+
+    if (p_tcp->ppt_buffer != NULL) {
+        opj_event_msg(p_manager, EVT_ERROR,
+                      "opj_j2k_merge_ppt() has already been called\n");
+        return OPJ_FALSE;
+    }
 
     if (p_tcp->ppt == 0U) {
         return OPJ_TRUE;
-- 
cgit v1.2.3