From 37a8d2acc1945010fc4b76255003d1f9e9edefa8 Mon Sep 17 00:00:00 2001
From: Mathieu Malaterre <mathieu.malaterre@gmail.com>
Date: Wed, 26 Feb 2014 11:25:27 +0000
Subject: [PATCH] [trunk] Import patch from sumatrapdf team. This handle
 testcase 1851.pdf.SIGSEGV.ce9.948 Update issue 225

---
 src/lib/openjp2/jp2.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/lib/openjp2/jp2.c b/src/lib/openjp2/jp2.c
index 978f3c57..544ce91b 100644
--- a/src/lib/openjp2/jp2.c
+++ b/src/lib/openjp2/jp2.c
@@ -1819,6 +1819,12 @@ OPJ_BOOL opj_jp2_read_header_procedure(  opj_jp2_t *jp2,
 			opj_free(l_current_data);
 			return OPJ_FALSE;
 		}
+		/* testcase 1851.pdf.SIGSEGV.ce9.948 */
+		else if	(box.length < l_nb_bytes_read) {
+			opj_event_msg(p_manager, EVT_ERROR, "invalid box size %d (%x)\n", box.length, box.type);
+			opj_free(l_current_data);
+			return OPJ_FALSE;
+		}
 
 		l_current_handler = opj_jp2_find_handler(box.type);
 		l_current_data_size = box.length - l_nb_bytes_read;
-- 
2.50.1