opj_j2k_read_sot(): check the current TPSot number against the previous (non-zero) TNsot to prevent opj_j2k_merge_ppt() from being called several times. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2851. Credit to OSS Fuzz

Even Rouault 2017-08-04 18:01:29 +02:00
parent 155fc2e279
commit 2fbd4bb0b9
1 changed files with 10 additions and 0 deletions


@ -4378,6 +4378,16 @@ static OPJ_BOOL opj_j2k_read_sot(opj_j2k_t *p_j2k,
p_j2k->m_specific_param.m_decoder.m_last_tile_part = 1; p_j2k->m_specific_param.m_decoder.m_last_tile_part = 1;
} }
if (l_tcp->m_nb_tile_parts != 0 && l_current_part >= l_tcp->m_nb_tile_parts) {
/* Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2851 */
opj_event_msg(p_manager, EVT_ERROR,
"In SOT marker, TPSot (%d) is not valid regards to the previous "
"number of tile-part (%d), giving up\n", l_current_part,
l_tcp->m_nb_tile_parts);
p_j2k->m_specific_param.m_decoder.m_last_tile_part = 1;
return OPJ_FALSE;
}
if (l_num_parts != if (l_num_parts !=
0) { /* Number of tile-part header is provided by this tile-part header */ 0) { /* Number of tile-part header is provided by this tile-part header */
l_num_parts += p_j2k->m_specific_param.m_decoder.m_nb_tile_parts_correction; l_num_parts += p_j2k->m_specific_param.m_decoder.m_nb_tile_parts_correction;
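Review bot: The comment above the new `opj_event_msg()` call records only a tracker URL, so the reason for the guard is lost if that link stops resolving; going by the commit message, it should state the invariant itself, e.g. `/* TPsot must stay below the TNsot already recorded for this tile, otherwise opj_j2k_merge_ppt() could be called more than once for it */`. The two `%d` conversions print `l_current_part` and `l_tcp->m_nb_tile_parts`, whose declarations are outside the hunk; if they are unsigned, `%u` is the matching conversion. The commit changes a single file, so the fuzzer input that exposed the problem is not added as a regression case here, and adding it to the project's test data would keep the check from being silently dropped in a later refactor. The body of opj_j2k_read_sot() starts and ends outside the hunk.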