From 1ab6e0e07a67193564811c5720a69cb28f09a809 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Thu, 17 Aug 2017 12:01:16 +0200
Subject: [PATCH] opj_decompress_fuzzer.cpp: reject images with too big tiles.
 Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2918. Credit to
 OSS Fuzz

---
 tests/fuzzers/opj_decompress_fuzzer.cpp | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/tests/fuzzers/opj_decompress_fuzzer.cpp b/tests/fuzzers/opj_decompress_fuzzer.cpp
index 82f9ea6a..f16e3edc 100644
--- a/tests/fuzzers/opj_decompress_fuzzer.cpp
+++ b/tests/fuzzers/opj_decompress_fuzzer.cpp
@@ -165,6 +165,22 @@ int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)
         return 0;
     }
 
+    // Also reject too big tiles.
+    // TODO: remove this limitation when subtile decoding no longer imply
+    // allocation memory for whole tile
+    opj_codestream_info_v2_t* pCodeStreamInfo = opj_get_cstr_info(pCodec);
+    OPJ_UINT32 nTileW, nTileH;
+    nTileW = pCodeStreamInfo->tdx;
+    nTileH = pCodeStreamInfo->tdy;
+    opj_destroy_cstr_info(&pCodeStreamInfo);
+    if (nTileW > 2048 || nTileH > 2048) {
+        opj_stream_destroy(pStream);
+        opj_destroy_codec(pCodec);
+        opj_image_destroy(psImage);
+
+        return 0;
+    }
+
     OPJ_UINT32 width_to_read = width;
     if (width_to_read > 1024) {
         width_to_read = 1024;