color_apply_icc_profile: avoid potential heap buffer overflow

Derived from a patch by Thuan Pham
This commit is contained in:
Even Rouault 2018-11-27 23:31:30 +01:00
parent 92023cd6c3
commit 2e5ab1d998
No known key found for this signature in database
GPG Key ID: 33EBBFC47B3DD87D
1 changed files with 68 additions and 58 deletions

View File

@ -597,6 +597,10 @@ void color_apply_icc_profile(opj_image_t *image)
} }
if (image->numcomps > 2) { /* RGB, RGBA */ if (image->numcomps > 2) { /* RGB, RGBA */
if ((image->comps[0].w == image->comps[1].w &&
image->comps[0].w == image->comps[2].w) &&
(image->comps[0].h == image->comps[1].h &&
image->comps[0].h == image->comps[2].h)) {
if (prec <= 8) { if (prec <= 8) {
unsigned char *inbuf, *outbuf, *in, *out; unsigned char *inbuf, *outbuf, *in, *out;
@ -674,6 +678,12 @@ fails1:
opj_image_data_free(inbuf); opj_image_data_free(inbuf);
opj_image_data_free(outbuf); opj_image_data_free(outbuf);
} }
} else {
fprintf(stderr,
"[ERROR] Image components should have the same width and height\n");
cmsDeleteTransform(transform);
return;
}
} else { /* image->numcomps <= 2 : GRAY, GRAYA */ } else { /* image->numcomps <= 2 : GRAY, GRAYA */
if (prec <= 8) { if (prec <= 8) {
unsigned char *in, *inbuf, *out, *outbuf; unsigned char *in, *inbuf, *out, *outbuf;