From 0a6eaaa60503b38bf389ac6b9c0f6ab4d8bdd497 Mon Sep 17 00:00:00 2001
From: Antonin Descampe <antonin@gmail.com>
Date: Thu, 30 Oct 2014 18:00:45 +0000
Subject: [PATCH] [trunk] add a check on precinct size (fixes issue 420)

---
 src/lib/openjp2/j2k.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
index f30b3a36..46f50eeb 100644
--- a/src/lib/openjp2/j2k.c
+++ b/src/lib/openjp2/j2k.c
@@ -8617,6 +8617,11 @@ OPJ_BOOL opj_j2k_read_SPCod_SPCoc(  opj_j2k_t *p_j2k,
                 for     (i = 0; i < l_tccp->numresolutions; ++i) {
                         opj_read_bytes(l_current_ptr,&l_tmp ,1);                /* SPcoc (I_i) */
                         ++l_current_ptr;
+                        /* Precinct exponent 0 is only allowed for lowest resolution level (Table A.21) */
+                        if ((i != 0) && (((l_tmp & 0xf) == 0) || ((l_tmp >> 4) == 0))) {
+                                opj_event_msg(p_manager, EVT_ERROR, "Invalid precinct size\n");
+                                return OPJ_FALSE;
+                        }
                         l_tccp->prcw[i] = l_tmp & 0xf;
                         l_tccp->prch[i] = l_tmp >> 4;
                 }