[trunk] Fixed a crash on illegal tile offset when decoding

author Matthieu Darbois <mayeut@users.noreply.github.com>

Thu, 18 Dec 2014 22:56:38 +0000 (22:56 +0000)

committer Matthieu Darbois <mayeut@users.noreply.github.com>

Thu, 18 Dec 2014 22:56:38 +0000 (22:56 +0000)
author Matthieu Darbois <mayeut@users.noreply.github.com>
Thu, 18 Dec 2014 22:56:38 +0000 (22:56 +0000)
committer Matthieu Darbois <mayeut@users.noreply.github.com>
Thu, 18 Dec 2014 22:56:38 +0000 (22:56 +0000)
diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c

index 656bf6dedae68ec16e1502c9d0607c3d455f9513..cf4114d7710afc70ece81feff434d4690cbd1dc9 100644 (file)
--- a/src/lib/openjp2/j2k.c
+++ b/src/lib/openjp2/j2k.c
@@ -1919,7 +1919,7 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k,
          OPJ_UINT32 l_nb_comp_remain;
          OPJ_UINT32 l_remaining_size;
          OPJ_UINT32 l_nb_tiles;
-        OPJ_UINT32 l_tmp;
+        OPJ_UINT32 l_tmp, l_tx1, l_ty1;
          opj_image_t *l_image = 00;
          opj_cp_t *l_cp = 00;
          opj_image_comp_t * l_img_comp = 00;
@@ -1998,6 +1998,20 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k,
                  return OPJ_FALSE;
          }
  
+        /* testcase issue427-illegal-tile-offset.jp2 */
+        l_tx1 = l_cp->tx0 + l_cp->tdx;
+        if (l_tx1 < l_cp->tx0) { /* manage overflow */
+                l_tx1 = 0xFFFFFFFFU;
+        }
+        l_ty1 = l_cp->ty0 + l_cp->tdy;
+        if (l_ty1 < l_cp->ty0) { /* manage overflow */
+                l_ty1 = 0xFFFFFFFFU;
+        }
+        if ((l_cp->tx0 > l_image->x0) || (l_cp->ty0 > l_image->y0) || (l_tx1 <= l_image->x0) || (l_ty1 <= l_image->y0) ) {
+                opj_event_msg(p_manager, EVT_ERROR, "Error with SIZ marker: illegal tile offset\n");
+                return OPJ_FALSE;
+        }
+
  #ifdef USE_JPWL
          if (l_cp->correct) {
                  /* if JPWL is on, we check whether TX errors have damaged
diff --git a/tests/nonregression/CMakeLists.txt b/tests/nonregression/CMakeLists.txt

index be349ec070c607fce2adf635de61419cc0f7c019..927120f45283725f2b44dca3e78ceb349ee3d9d2 100644 (file)
--- a/tests/nonregression/CMakeLists.txt
+++ b/tests/nonregression/CMakeLists.txt
@@ -44,6 +44,7 @@ set(BLACKLIST_JPEG2000_TMP
      edf_c2_1673169.jp2
      issue429.jp2
      issue427-null-image-size.jp2
+    issue427-illegal-tile-offset.jp2
     )
  
  # Define a list of file which should be gracefully rejected:
diff --git a/tests/nonregression/test_suite.ctest.in b/tests/nonregression/test_suite.ctest.in

index ace54f947ee30f76fe4dba07e26f7ff17bb26c52..afcf45d3db16a17bb945243baf60723cbc10e059 100644 (file)
--- a/tests/nonregression/test_suite.ctest.in
+++ b/tests/nonregression/test_suite.ctest.in
@@ -231,6 +231,8 @@ opj_decompress -i @INPUT_NR_PATH@/issue411-ycc420.jp2 -o @TEMP_PATH@/issue411-yc
  !opj_decompress -i @INPUT_NR_PATH@/issue432.jp2 -o @TEMP_PATH@/issue432.jp2.pgx
  # issue 427 image width is 0
  !opj_decompress -i @INPUT_NR_PATH@/issue427-null-image-size.jp2 -o @TEMP_PATH@/issue427-null-image-size.jp2.pgx
+# issue 427 illegal tile offset
+!opj_decompress -i @INPUT_NR_PATH@/issue427-illegal-tile-offset.jp2 -o @TEMP_PATH@/issue427-illegal-tile-offset.jp2.pgx
  
  # decode with specific area
  # prec=12; nb_c=1
author	Matthieu Darbois <mayeut@users.noreply.github.com>
	Thu, 18 Dec 2014 22:56:38 +0000 (22:56 +0000)
committer	Matthieu Darbois <mayeut@users.noreply.github.com>
	Thu, 18 Dec 2014 22:56:38 +0000 (22:56 +0000)
src/lib/openjp2/j2k.c		patch \| blob \| history
tests/nonregression/CMakeLists.txt		patch \| blob \| history
tests/nonregression/test_suite.ctest.in		patch \| blob \| history