From: Even Rouault
Date: Wed, 6 Sep 2017 13:59:19 +0000 (+0200)
Subject: Fix null pointer dereference on partial tile decoding when they are empty. Fixes...
X-Git-Tag: v2.3.0~37
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=003759a4829f3f1baa5a2292956618fecf314818;p=openjpeg
Fix null pointer dereference on partial tile decoding when they are empty. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3297 (master only)
---
diff --git a/src/lib/openjp2/dwt.c b/src/lib/openjp2/dwt.c
index 18270045..c574357a 100644
--- a/src/lib/openjp2/dwt.c
+++ b/src/lib/openjp2/dwt.c
@@ -1931,7 +1931,14 @@ static OPJ_BOOL opj_dwt_decode_partial_tile(
 OPJ_UINT32 win_tcx1 = tilec->win_x1;
 OPJ_UINT32 win_tcy1 = tilec->win_y1;
+ if (tr_max->x0 == tr_max->x1 || tr_max->y0 == tr_max->y1) {
+ return OPJ_TRUE;
+ }
+
 sa = opj_dwt_init_sparse_array(tilec, numres);
+ if (sa == NULL) {
+ return OPJ_FALSE;
+ }
 if (numres == 1U) {
 OPJ_BOOL ret = opj_sparse_array_int32_read(sa,
@@ -2641,7 +2648,14 @@ OPJ_BOOL opj_dwt_decode_partial_97(opj_tcd_tilecomp_t* OPJ_RESTRICT tilec,
 OPJ_UINT32 win_tcx1 = tilec->win_x1;
 OPJ_UINT32 win_tcy1 = tilec->win_y1;
+ if (tr_max->x0 == tr_max->x1 || tr_max->y0 == tr_max->y1) {
+ return OPJ_TRUE;
+ }
+
 sa = opj_dwt_init_sparse_array(tilec, numres);
+ if (sa == NULL) {
+ return OPJ_FALSE;
+ }
 if (numres == 1U) {
 OPJ_BOOL ret = opj_sparse_array_int32_read(sa,
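Review bot: The two new early returns in `opj_dwt_decode_partial_tile` give opposite results for conditions that look alike, and nothing in the code says why: an empty `tr_max` returns `OPJ_TRUE`, a NULL `sa` returns `OPJ_FALSE`. A comment on each would keep a later edit from merging them, for example `/* Empty resolution: nothing to decode, not an error */` above the first and `/* tr_max is non-empty here, so NULL means the sparse array could not be created */` above the second; that reading of `opj_dwt_init_sparse_array()` is inferred, since its body is outside the hunk. The same pair is repeated verbatim in `opj_dwt_decode_partial_97`, so the emptiness test could live in one small static helper shared by both. The guard tests only equality, so it relies on `x0 <= x1` and `y0 <= y1` being guaranteed before this point, which the hunk does not show. Both function bodies start and end outside their hunks.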