From 5a3e7aaf339943bc988adbada39a1fc8f5046899 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Sat, 29 Jul 2017 17:56:12 +0200
Subject: [PATCH] color_cielab_to_rgb(): reject images with components of
 different dimensions to void read heap buffer overflow (#909)

---
 src/bin/common/color.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/src/bin/common/color.c b/src/bin/common/color.c
index 6c74bf31..8bb96043 100644
--- a/src/bin/common/color.c
+++ b/src/bin/common/color.c
@@ -781,6 +781,18 @@ fails3:
     }
 }/* color_apply_icc_profile() */
 
+static int are_comps_same_dimensions(opj_image_t * image)
+{
+    unsigned int i;
+    for (i = 1; i < image->numcomps; i++) {
+        if (image->comps[0].dx != image->comps[i].dx ||
+                image->comps[0].dy != image->comps[i].dy) {
+            return OPJ_FALSE;
+        }
+    }
+    return OPJ_TRUE;
+}
+
 void color_cielab_to_rgb(opj_image_t *image)
 {
     int *row;
@@ -794,6 +806,12 @@ void color_cielab_to_rgb(opj_image_t *image)
                 __FILE__, __LINE__, numcomps);
         return;
     }
+    if (!are_comps_same_dimensions(image)) {
+        fprintf(stderr,
+                "%s:%d:\n\tcomponents are not all of the same dimension. Quitting.\n",
+                __FILE__, __LINE__);
+        return;
+    }
 
     row = (int*)image->icc_profile_buf;
     enumcs = row[0];