[trunk] Fix Heap-based buffer-overflow when decoding openjpeg image
Thanks to Huzaifa Sidhpurwala of Red Hat Security Response Team for report This does not affect release 1.5.0 and/or 1.5 release branch. Fixes issue 170
This commit is contained in:
parent
3991bbe595
commit
1ff1401ff1
|
@ -1826,6 +1826,10 @@ static opj_bool t2_read_packet_data(
|
||||||
|
|
||||||
#endif /* USE_JPWL */
|
#endif /* USE_JPWL */
|
||||||
|
|
||||||
|
if ((l_cblk->len + l_seg->newlen) > 8192) {
|
||||||
|
return OPJ_FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
memcpy(l_cblk->data + l_cblk->len, l_current_data, l_seg->newlen);
|
memcpy(l_cblk->data + l_cblk->len, l_current_data, l_seg->newlen);
|
||||||
|
|
||||||
if (l_seg->numpasses == 0) {
|
if (l_seg->numpasses == 0) {
|
||||||
|
|
Loading…
Reference in New Issue