From 9cba05762ded66b803df94b00adbd5a97727da95 Mon Sep 17 00:00:00 2001 From: Even Rouault Date: Wed, 20 Sep 2017 00:43:54 +0200 Subject: [PATCH] Avoid index-out-of-bounds access when invoking opj_compress with -n 11 or higher. But not a proper fix itself (refs #493) --- src/lib/openjp2/dwt.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/src/lib/openjp2/dwt.c b/src/lib/openjp2/dwt.c index c574357a..5b98d2b3 100644 --- a/src/lib/openjp2/dwt.c +++ b/src/lib/openjp2/dwt.c @@ -216,6 +216,8 @@ static void opj_v4dwt_decode_step2(opj_v4_t* l, opj_v4_t* w, /* */ /* This table contains the norms of the 5-3 wavelets for different bands. */ /* */ +/* FIXME! the array should really be extended up to 33 resolution levels */ +/* See https://github.com/uclouvain/openjpeg/issues/493 */ static const OPJ_FLOAT64 opj_dwt_norms[4][10] = { {1.000, 1.500, 2.750, 5.375, 10.68, 21.34, 42.67, 85.33, 170.7, 341.3}, {1.038, 1.592, 2.919, 5.703, 11.33, 22.64, 45.25, 90.48, 180.9}, @@ -226,6 +228,8 @@ static const OPJ_FLOAT64 opj_dwt_norms[4][10] = { /* */ /* This table contains the norms of the 9-7 wavelets for different bands. */ /* */ +/* FIXME! the array should really be extended up to 33 resolution levels */ +/* See https://github.com/uclouvain/openjpeg/issues/493 */ static const OPJ_FLOAT64 opj_dwt_norms_real[4][10] = { {1.000, 1.965, 4.177, 8.403, 16.90, 33.84, 67.69, 135.3, 270.6, 540.9}, {2.022, 3.989, 8.355, 17.04, 34.27, 68.63, 137.3, 274.6, 549.0}, @@ -1229,6 +1233,14 @@ OPJ_UINT32 opj_dwt_getgain(OPJ_UINT32 orient) /* */ OPJ_FLOAT64 opj_dwt_getnorm(OPJ_UINT32 level, OPJ_UINT32 orient) { + /* FIXME ! This is just a band-aid to avoid a buffer overflow */ + /* but the array should really be extended up to 33 resolution levels */ + /* See https://github.com/uclouvain/openjpeg/issues/493 */ + if (orient == 0 && level >= 10) { + level = 9; + } else if (orient > 0 && level >= 9) { + level = 8; + } return opj_dwt_norms[orient][level]; } @@ -1254,6 +1266,14 @@ OPJ_UINT32 opj_dwt_getgain_real(OPJ_UINT32 orient) /* */ OPJ_FLOAT64 opj_dwt_getnorm_real(OPJ_UINT32 level, OPJ_UINT32 orient) { + /* FIXME ! This is just a band-aid to avoid a buffer overflow */ + /* but the array should really be extended up to 33 resolution levels */ + /* See https://github.com/uclouvain/openjpeg/issues/493 */ + if (orient == 0 && level >= 10) { + level = 9; + } else if (orient > 0 && level >= 9) { + level = 8; + } return opj_dwt_norms_real[orient][level]; } -- 2.40.0