From 02734264a197d232319df2a51b85a39492e3c0c0 Mon Sep 17 00:00:00 2001
From: Mathieu Malaterre
Date: Wed, 12 Sep 2012 17:11:17 +0000
Subject: [PATCH] [trunk] Fix possible code execution vuln
Thanks to Huzaifa Sidhpurwala of Red Hat Security Response Team for patch + dataset to reproduce issue. Technically kdu_expand works fine on the image... Fixes issue 175
---
 libopenjpeg/j2k.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/libopenjpeg/j2k.c b/libopenjpeg/j2k.c
index de70be75..c76bcba5 100644
--- a/libopenjpeg/j2k.c
+++ b/libopenjpeg/j2k.c
@@ -7052,6 +7052,11 @@ opj_bool opj_j2k_read_tile_header( opj_j2k_v2_t * p_j2k,
 return OPJ_FALSE;
 }
+ if (!l_marker_handler->handler) {
+ /* See issue #175 */
+ opj_event_msg_v2(p_manager, EVT_ERROR, "Not sure how that happened.\n");
+ return OPJ_FALSE;
+ }
 /* Read the marker segment with the correct marker handler */
 if (! (*(l_marker_handler->handler))(p_j2k,p_j2k->m_specific_param.m_decoder.m_header_data,l_marker_size,p_manager)) {
 opj_event_msg_v2(p_manager, EVT_ERROR, "Fail to read the current marker segment (%#x)\n", l_current_marker);