From: Even Rouault Date: Sat, 29 Jul 2017 15:56:12 +0000 (+0200) Subject: color_cielab_to_rgb(): reject images with components of different dimensions to void... X-Git-Tag: v2.2.0~34 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=5a3e7aaf339943bc988adbada39a1fc8f5046899;p=openjpeg color_cielab_to_rgb(): reject images with components of different dimensions to void read heap buffer overflow (#909) --- diff --git a/src/bin/common/color.c b/src/bin/common/color.c index 6c74bf31..8bb96043 100644 --- a/src/bin/common/color.c +++ b/src/bin/common/color.c @@ -781,6 +781,18 @@ fails3: } }/* color_apply_icc_profile() */ +static int are_comps_same_dimensions(opj_image_t * image) +{ + unsigned int i; + for (i = 1; i < image->numcomps; i++) { + if (image->comps[0].dx != image->comps[i].dx || + image->comps[0].dy != image->comps[i].dy) { + return OPJ_FALSE; + } + } + return OPJ_TRUE; +} + void color_cielab_to_rgb(opj_image_t *image) { int *row; @@ -794,6 +806,12 @@ void color_cielab_to_rgb(opj_image_t *image) __FILE__, __LINE__, numcomps); return; } + if (!are_comps_same_dimensions(image)) { + fprintf(stderr, + "%s:%d:\n\tcomponents are not all of the same dimension. Quitting.\n", + __FILE__, __LINE__); + return; + } row = (int*)image->icc_profile_buf; enumcs = row[0];