opj_j2k_write_sod(): avoid potential heap buffer overflow (fixes #1299) (probably...

diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
index 78d45925913acb8173742907bd1634319d89553a..8e343ab2e3780d984b5056156743d0f4229163e9 100644 (file)
--- a/src/lib/openjp2/j2k.c
+++ b/src/lib/openjp2/j2k.c
@@ -4806,8 +4806,13 @@ static OPJ_BOOL opj_j2k_write_sod(opj_j2k_t *p_j2k,
         }
     }
 
-    assert(l_remaining_data >
-           p_j2k->m_specific_param.m_encoder.m_reserved_bytes_for_PLT);
+    if (l_remaining_data <
+            p_j2k->m_specific_param.m_encoder.m_reserved_bytes_for_PLT) {
+        opj_event_msg(p_manager, EVT_ERROR,
+                      "Not enough bytes in output buffer to write SOD marker\n");
+        opj_tcd_marker_info_destroy(marker_info);
+        return OPJ_FALSE;
+    }
     l_remaining_data -= p_j2k->m_specific_param.m_encoder.m_reserved_bytes_for_PLT;
 
     if (! opj_tcd_encode_tile(p_tile_coder, p_j2k->m_current_tile_number,