]> granicus.if.org Git - openjpeg/commitdiff
projects / openjpeg / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1acfa21)
[trunk] check possible overflow on size in opj_t2_read_packet_data
authorAntonin Descampe <antonin@gmail.com>
Tue, 30 Sep 2014 10:07:09 +0000 (10:07 +0000)
committerAntonin Descampe <antonin@gmail.com>
Tue, 30 Sep 2014 10:07:09 +0000 (10:07 +0000)
Update issue 390
Labels: Priority-Critical
Should be rechecked with ASan and pdfium

src/lib/openjp2/t2.c patch | blob | history

diff --git a/src/lib/openjp2/t2.c b/src/lib/openjp2/t2.c
index efba23092b0efcb02f92ac26c7cbff94476275aa..f2a7c9a57cbd659b127a3bc75bcc409327436619 100644 (file)
--- a/src/lib/openjp2/t2.c
+++ b/src/lib/openjp2/t2.c
@@ -1157,6 +1157,12 @@ OPJ_BOOL opj_t2_read_packet_data(   opj_t2_t* p_t2,
                                 };
 
 #endif /* USE_JPWL */
+                                /* Check possible overflow on size */
+                                if ((l_cblk->data_current_size + l_seg->newlen) < l_cblk->data_current_size) {
+                                        fprintf(stderr, "read: segment too long (%d) with current size (%d > %d) for codeblock %d (p=%d, b=%d, r=%d, c=%d)\n",
+                                                l_seg->newlen, l_cblk->data_current_size, 0xFFFFFFFF - l_seg->newlen, cblkno, p_pi->precno, bandno, p_pi->resno, p_pi->compno);
+                                        return OPJ_FALSE;
+                                }
                                 /* Check if the cblk->data have allocated enough memory */
                                 if ((l_cblk->data_current_size + l_seg->newlen) > l_cblk->data_max_size) {
                                     OPJ_BYTE* new_cblk_data = (OPJ_BYTE*) opj_realloc(l_cblk->data, l_cblk->data_current_size + l_seg->newlen);
Unnamed repository; edit this file 'description' to name the repository.