walkero
/
openjpeg
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

[trunk] Fix Heap-based buffer-overflow when decoding openjpeg image 

Thanks to Huzaifa Sidhpurwala of Red Hat Security Response Team for report
This does not affect release 1.5.0 and/or 1.5 release branch.

Fixes issue 170
This commit is contained in:
Mathieu Malaterre 2012-09-10 11:05:15 +00:00
parent 3991bbe595
commit 1ff1401ff1
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libopenjpeg/t2.c
View File

@ -1826,6 +1826,10 @@ static opj_bool t2_read_packet_data(
#endif /* USE_JPWL */
if ((l_cblk->len + l_seg->newlen) > 8192) {
return OPJ_FALSE;
}
memcpy(l_cblk->data + l_cblk->len, l_current_data, l_seg->newlen);
if (l_seg->numpasses == 0) {