opj_pi_update_decode_poc(): limit layno1 to the number of layers (CVE-2016-1626 and CVE-2016-1628, #850)

This has been recently fixed in a less elegant way per
80818c39f5
This commit is contained in:
Even Rouault 2017-07-29 19:03:13 +02:00
parent 3fbe713690
commit 11445eddad
1 changed files with 2 additions and 1 deletions

View File

@ -1213,7 +1213,8 @@ static void opj_pi_update_decode_poc(opj_pi_iterator_t * p_pi,
l_current_poc->resno1; /* Resolution Level Index #0 (End) */
l_current_pi->poc.compno1 =
l_current_poc->compno1; /* Component Index #0 (End) */
l_current_pi->poc.layno1 = l_current_poc->layno1; /* Layer Index #0 (End) */
l_current_pi->poc.layno1 = opj_uint_min(l_current_poc->layno1,
p_tcp->numlayers); /* Layer Index #0 (End) */
l_current_pi->poc.precno1 = p_max_precision;
++l_current_pi;
++l_current_poc;