]> granicus.if.org Git - openjpeg/commitdiff
projects / openjpeg / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0ae6ff8)
[trunk] Import patch from sumatrapdf team. This handle testcase 1610.pdf.SIGSEGV...
authorMathieu Malaterre <mathieu.malaterre@gmail.com>
Wed, 26 Feb 2014 11:09:59 +0000 (11:09 +0000)
committerMathieu Malaterre <mathieu.malaterre@gmail.com>
Wed, 26 Feb 2014 11:09:59 +0000 (11:09 +0000)
Update issue 225

src/lib/openjp2/j2k.c patch | blob | history

diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
index a6397eff8de295a516585f18edcc146d09b9ce87..120e94fcb3f57068c2b6a4d37ede2397bbdb7e6a 100644 (file)
--- a/src/lib/openjp2/j2k.c
+++ b/src/lib/openjp2/j2k.c
@@ -1965,6 +1965,12 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k,
                 return OPJ_FALSE;
         }
 
+        /* testcase 1610.pdf.SIGSEGV.59c.681 */
+        if (((OPJ_UINT64)l_image->x1) * ((OPJ_UINT64)l_image->y1) != (l_image->x1 * l_image->y1)) {
+                opj_event_msg(p_manager, EVT_ERROR, "Prevent buffer overflow (x1: %d, y1: %d)", l_image->x1, l_image->y1);
+                return OPJ_FALSE;
+        }
+
 #ifdef USE_JPWL
         if (l_cp->correct) {
                 /* if JPWL is on, we check whether TX errors have damaged
Unnamed repository; edit this file 'description' to name the repository.