projects
/
openjpeg.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
5736b1a
)
opj_j2k_read_header_procedure(): validate marker size to avoid excessive memory alloc...
author
Even Rouault
<even.rouault@spatialys.com>
Mon, 3 Jul 2017 12:33:57 +0000
(14:33 +0200)
committer
Even Rouault
<even.rouault@spatialys.com>
Mon, 3 Jul 2017 12:33:57 +0000
(14:33 +0200)
src/lib/openjp2/j2k.c
patch
|
blob
|
history
diff --git
a/src/lib/openjp2/j2k.c
b/src/lib/openjp2/j2k.c
index 4c2b9326bd8a07988ea526be3e67e3a76b7b9345..f908c655f667984ceb96a2329b5d2d197c87ce5b 100644
(file)
--- a/
src/lib/openjp2/j2k.c
+++ b/
src/lib/openjp2/j2k.c
@@
-7711,6
+7711,10
@@
static OPJ_BOOL opj_j2k_read_header_procedure(opj_j2k_t *p_j2k,
/* read 2 bytes as the marker size */
opj_read_bytes(p_j2k->m_specific_param.m_decoder.m_header_data, &l_marker_size,
2);
+ if (l_marker_size < 2) {
+ opj_event_msg(p_manager, EVT_ERROR, "Invalid marker size\n");
+ return OPJ_FALSE;
+ }
l_marker_size -= 2; /* Subtract the size of the marker ID already read */
/* Check if the marker size is compatible with the header data size */