for(i = 0; i < nr_channels; ++i) {
OPJ_INT32 bytes_to_read = (channel_size[i]+7)>>3;
+ if (bytes_to_read > sizeof(OPJ_UINT32))
+ bytes_to_read = sizeof(OPJ_UINT32);
+ if ((ptrdiff_t)p_pclr_header_size < p_pclr_header_data - orig_header_data + bytes_to_read)
+ return OPJ_FALSE;
+
if (bytes_to_read > sizeof(OPJ_UINT32))
bytes_to_read = sizeof(OPJ_UINT32);
if ((ptrdiff_t)p_pclr_header_size < p_pclr_header_data - orig_header_data + bytes_to_read)
return OPJ_FALSE;
}
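Review bot: The bounds check added at `if ((ptrdiff_t)p_pclr_header_size < p_pclr_header_data - orig_header_data + bytes_to_read)` fails with a bare `return OPJ_FALSE;`, while the CMAP and CDEF checks added further down report the reason through `opj_event_msg`, so a truncated palette box is rejected with no diagnostic. If `p_manager` is in scope here (the function signature is outside the hunk), add `opj_event_msg(p_manager, EVT_ERROR, "Insufficient data for PCLR box.\n");` before the return. `bytes_to_read` is a signed `OPJ_INT32` compared against `sizeof(OPJ_UINT32)`, so the comparison is carried out unsigned; declaring it `OPJ_UINT32` would make that explicit. The same clamp and check also appear unmarked directly below the added lines, which may be a rendering duplicate, but if both copies are in the new file one of them should be dropped.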
+ if (p_cmap_header_size < (OPJ_UINT32)nr_channels * 4) {
+ opj_event_msg(p_manager, EVT_ERROR, "Insufficient data for CMAP box.\n");
+ return OPJ_FALSE;
+ }
+
cmap = (opj_jp2_cmap_comp_t*) opj_malloc(nr_channels * sizeof(opj_jp2_cmap_comp_t));
if (!cmap)
return OPJ_FALSE;
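Review bot: The literal `4` in `p_cmap_header_size < (OPJ_UINT32)nr_channels * 4` is unexplained, and the CDEF checks in the later hunks use `2` and `6` the same way. A reader validating these bounds has to know the box layout: each CMAP entry is CMP (2 bytes), MTYP (1) and PCOL (1), and a CDEF box is a 2-byte N followed by N entries of Cn, Typ and Asoc at 2 bytes each. I would add a comment above each check, for example `/* each CMAP entry: CMP(2) + MTYP(1) + PCOL(1) = 4 bytes */`, or name the sizes as constants so the check and the parsing loop cannot drift apart. Whether the 32-bit product can wrap depends on the type of `nr_channels`, which is declared outside the hunk, as is the loop that consumes the entries.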
return OPJ_FALSE;
}
+ if (p_cdef_header_size < 2) {
+ opj_event_msg(p_manager, EVT_ERROR, "Insufficient data for CDEF box.\n");
+ return OPJ_FALSE;
+ }
+
opj_read_bytes(p_cdef_header_data,&l_value ,2); /* N */
p_cdef_header_data+= 2;
return OPJ_FALSE;
}
+ if (p_cdef_header_size < 2 + (OPJ_UINT32)(OPJ_UINT16)l_value * 6) {
+ opj_event_msg(p_manager, EVT_ERROR, "Insufficient data for CDEF box.\n");
+ return OPJ_FALSE;
+ }
+
cdef_info = (opj_jp2_cdef_info_t*) opj_malloc(l_value * sizeof(opj_jp2_cdef_info_t));
if (!cdef_info)
return OPJ_FALSE;
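Review bot: The size check validates `(OPJ_UINT16)l_value` entries, but the allocation right after it uses `l_value` uncast in `opj_malloc(l_value * sizeof(opj_jp2_cdef_info_t))`, so the bound and the allocation agree only while `l_value` fits in 16 bits. That presumably holds because N is read as a 2-byte field earlier in the function, but the dependency is implicit. Narrowing once, for example `OPJ_UINT16 n = (OPJ_UINT16)l_value;`, and using `n` for the check, the allocation and the entry loop would keep the three in step. The loop that fills `cdef_info` is outside this hunk, so confirm it iterates over the same count.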