[1.5] missing range check in j2k_read_coc et al.

Fixes issue 166
Mathieu Malaterre 2012-10-02 07:17:09 +00:00
parent e55d5e29e0
commit 46831582b2
1 changed files with 21 additions and 1 deletions


@ -835,6 +835,12 @@ static void j2k_read_coc(opj_j2k_t *j2k) {
len = cio_read(cio, 2); /* Lcoc */ len = cio_read(cio, 2); /* Lcoc */
compno = cio_read(cio, image->numcomps <= 256 ? 1 : 2); /* Ccoc */ compno = cio_read(cio, image->numcomps <= 256 ? 1 : 2); /* Ccoc */
if (compno >= image->numcomps) {
opj_event_msg(j2k->cinfo, EVT_ERROR,
"bad component number in COC (%d out of a maximum of %d)\n",
compno, image->numcomps);
return;
}
tcp->tccps[compno].csty = cio_read(cio, 1); /* Scoc */ tcp->tccps[compno].csty = cio_read(cio, 1); /* Scoc */
j2k_read_cox(j2k, compno); j2k_read_cox(j2k, compno);
} }
@ -1016,9 +1022,16 @@ static void j2k_read_qcc(opj_j2k_t *j2k) {
/* keep your private count of tiles */ /* keep your private count of tiles */
backup_compno++; backup_compno++;
}; }
#endif /* USE_JPWL */ #endif /* USE_JPWL */
if ((compno < 0) || (compno >= numcomp)) {
opj_event_msg(j2k->cinfo, EVT_ERROR,
"bad component number in QCC (%d out of a maximum of %d)\n",
compno, j2k->image->numcomps);
return;
}
j2k_read_qcx(j2k, compno, len - 2 - (numcomp <= 256 ? 1 : 2)); j2k_read_qcx(j2k, compno, len - 2 - (numcomp <= 256 ? 1 : 2));
} }
@ -1602,6 +1615,13 @@ static void j2k_read_rgn(opj_j2k_t *j2k) {
}; };
#endif /* USE_JPWL */ #endif /* USE_JPWL */
if (compno >= numcomps) {
opj_event_msg(j2k->cinfo, EVT_ERROR,
"bad component number in RGN (%d out of a maximum of %d)\n",
compno, j2k->image->numcomps);
return;
}
tcp->tccps[compno].roishift = cio_read(cio, 1); /* SPrgn */ tcp->tccps[compno].roishift = cio_read(cio, 1); /* SPrgn */
} }
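Review bot: The three new guards are not consistent: j2k_read_qcc rejects `compno < 0` as well as `compno >= numcomp`, but j2k_read_coc and j2k_read_rgn test only the upper bound before indexing `tcp->tccps[compno]`. The declaration of compno is outside the hunks; if it is a signed int, as the QCC test implies, the same form belongs in all three, e.g. `if ((compno < 0) || (compno >= numcomps)) {` in j2k_read_rgn. The QCC and RGN messages also print `j2k->image->numcomps` rather than the local `numcomp`/`numcomps` that was compared, so the log could disagree with the check if the two ever differ. Each function returns void, and in j2k_read_coc the return comes right after Ccoc is read, so the rest of the marker segment is presumably left unread and the caller cannot see the failure from a return value; it is worth confirming that the marker loop stops after an EVT_ERROR. All three function bodies start outside the hunks.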