From 5bd5d894eb953eac8642b31db4f0943bb039540a Mon Sep 17 00:00:00 2001
From: Mathieu Malaterre
Date: Fri, 20 Jan 2012 14:43:49 +0000
Subject: [PATCH] Fix: MSVR-11-117 - Vulnerability Report.
---
 libopenjpeg/jp2.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/libopenjpeg/jp2.c b/libopenjpeg/jp2.c
index 51781204..04381bd7 100644
--- a/libopenjpeg/jp2.c
+++ b/libopenjpeg/jp2.c
@@ -94,7 +94,7 @@ Apply collected palette data
 @param color Collector for profile, cdef and pclr data
 @param image
 */
-static void jp2_apply_pclr(opj_jp2_color_t *color, opj_image_t *image);
+static void jp2_apply_pclr(opj_jp2_color_t *color, opj_image_t *image, opj_common_ptr cinfo);
 /**
 Collect palette data
 @param jp2 JP2 handle
@@ -344,7 +344,7 @@ static void free_color_data(opj_jp2_color_t *color)
 if(color->icc_profile_buf) opj_free(color->icc_profile_buf);
 }
-static void jp2_apply_pclr(opj_jp2_color_t *color, opj_image_t *image)
+static void jp2_apply_pclr(opj_jp2_color_t *color, opj_image_t *image, opj_common_ptr cinfo)
 {
 opj_image_comp_t *old_comps, *new_comps;
 unsigned char *channel_size, *channel_sign;
@@ -369,7 +369,10 @@ static void jp2_apply_pclr(opj_jp2_color_t *color, opj_image_t *image)
 {
 pcol = cmap[i].pcol; cmp = cmap[i].cmp;
- new_comps[pcol] = old_comps[cmp];
+ if( pcol < nr_channels )
+ new_comps[pcol] = old_comps[cmp];
+ else
+ opj_event_msg(cinfo, EVT_ERROR, "Error with pcol value. skipping\n");
 if(cmap[i].mtyp == 0) /* Direct use */
 {
@@ -769,7 +772,7 @@ opj_image_t* opj_jp2_decode(opj_jp2_t *jp2, opj_cio_t *cio,
 if( !color.jp2_pclr->cmap)
 jp2_free_pclr(&color);
 else
- jp2_apply_pclr(&color, image);
+ jp2_apply_pclr(&color, image, cinfo);
 }
 if(color.icc_profile_buf)
 {
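Review bot: The doc comment above the `jp2_apply_pclr` prototype still lists only `color` and `image`, so the new third parameter is undocumented. Add a line such as `@param cinfo Codec context info, used for error reporting` after `@param image`. The comment block starts above this hunk.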
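Review bot: The new `else` branch logs "skipping" but does not skip: there is no `continue`, so control falls through to the `if(cmap[i].mtyp == 0)` test and the rest of the loop body with the rejected `pcol` still in use. If any later statement in the loop indexes `new_comps[pcol]` (the body continues outside this hunk), the out-of-range write is only moved, not removed. Brace the branch and end it with `continue;`, i.e. `else { opj_event_msg(cinfo, EVT_ERROR, "Error with pcol value. skipping\n"); continue; }`. `cmp` is read from the same `cmap` entry and indexes `old_comps[cmp]` with no visible bound either; unless it is validated where the cmap box is parsed, it should be checked against the image's component count here as well.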
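Review bot: `jp2_apply_pclr` is still `static void`, so this call site cannot tell that a palette mapping was rejected, and as far as the hunk shows decoding carries on after an `EVT_ERROR` has been reported. Consider returning a status from `jp2_apply_pclr` and failing the decode when it reports an error, so that a malformed file does not yield a partially mapped image. The surrounding block of `opj_jp2_decode` starts and ends outside the hunk.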