opj_j2k_read_header_procedure(): validate marker size to avoid excessive memory alloc...
authorEven Rouault <even.rouault@spatialys.com>
Mon, 3 Jul 2017 12:33:57 +0000 (14:33 +0200)
committerEven Rouault <even.rouault@spatialys.com>
Mon, 3 Jul 2017 12:33:57 +0000 (14:33 +0200)
src/lib/openjp2/j2k.c

index 4c2b9326bd8a07988ea526be3e67e3a76b7b9345..f908c655f667984ceb96a2329b5d2d197c87ce5b 100644 (file)
@@ -7711,6 +7711,10 @@ static OPJ_BOOL opj_j2k_read_header_procedure(opj_j2k_t *p_j2k,
         /* read 2 bytes as the marker size */
         opj_read_bytes(p_j2k->m_specific_param.m_decoder.m_header_data, &l_marker_size,
                        2);
+        if (l_marker_size < 2) {
+            opj_event_msg(p_manager, EVT_ERROR, "Invalid marker size\n");
+            return OPJ_FALSE;
+        }
         l_marker_size -= 2; /* Subtract the size of the marker ID already read */
 
         /* Check if the marker size is compatible with the header data size */
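Review bot: The guard added before `l_marker_size -= 2` has no comment saying why 2 is the minimum, so the security reason for it is easy to lose in a later refactor. The length field counts its own two bytes, and a value of 0 or 1 would wrap on the subtraction (assuming `l_marker_size` is unsigned; its declaration is outside the hunk) and feed a very large size into the header-buffer check that follows. I would add `/* marker length includes its own 2 bytes; anything smaller would wrap on the subtraction below */` above the `if`. The error text could also carry the offending value, e.g. `"Invalid marker size %u\n", l_marker_size`, so a malformed codestream can be triaged from logs. The body of opj_j2k_read_header_procedure continues outside this hunk, so other places that read a 2-byte marker size and subtract 2 are worth checking for the same guard.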