[trunk] Fix possible code execution vuln

Thanks to Huzaifa Sidhpurwala of Red Hat Security Response Team for patch + dataset to reproduce issue.
Technically kdu_expand works fine on the image...

Fixes issue 175
This commit is contained in:
Mathieu Malaterre 2012-09-12 17:11:17 +00:00
parent 4a845f3d04
commit 02734264a1
1 changed files with 5 additions and 0 deletions

View File

@ -7052,6 +7052,11 @@ opj_bool opj_j2k_read_tile_header( opj_j2k_v2_t * p_j2k,
return OPJ_FALSE; return OPJ_FALSE;
} }
if (!l_marker_handler->handler) {
/* See issue #175 */
opj_event_msg_v2(p_manager, EVT_ERROR, "Not sure how that happened.\n");
return OPJ_FALSE;
}
/* Read the marker segment with the correct marker handler */ /* Read the marker segment with the correct marker handler */
if (! (*(l_marker_handler->handler))(p_j2k,p_j2k->m_specific_param.m_decoder.m_header_data,l_marker_size,p_manager)) { if (! (*(l_marker_handler->handler))(p_j2k,p_j2k->m_specific_param.m_decoder.m_header_data,l_marker_size,p_manager)) {
opj_event_msg_v2(p_manager, EVT_ERROR, "Fail to read the current marker segment (%#x)\n", l_current_marker); opj_event_msg_v2(p_manager, EVT_ERROR, "Fail to read the current marker segment (%#x)\n", l_current_marker);