Merge pull request #1304 from rouault/fix_1302

pi.c: avoid out of bounds access with POC (fixes #1302)
Even Rouault 2020-12-05 11:39:23 +01:00 committed by GitHub
commit 5d0a8b08dc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 23 additions and 2 deletions


@ -240,6 +240,13 @@ static OPJ_BOOL opj_pi_next_lrcp(opj_pi_iterator_t * pi)
opj_pi_resolution_t *res = NULL;
OPJ_UINT32 index = 0;
if (pi->poc.compno0 >= pi->numcomps ||
pi->poc.compno1 >= pi->numcomps + 1) {
opj_event_msg(pi->manager, EVT_ERROR,
"opj_pi_next_lrcp(): invalid compno0/compno1\n");
return OPJ_FALSE;
}
if (!pi->first) {
comp = &pi->comps[pi->compno];
res = &comp->resolutions[pi->resno];
@ -293,6 +300,13 @@ static OPJ_BOOL opj_pi_next_rlcp(opj_pi_iterator_t * pi)
opj_pi_resolution_t *res = NULL;
OPJ_UINT32 index = 0;
if (pi->poc.compno0 >= pi->numcomps ||
pi->poc.compno1 >= pi->numcomps + 1) {
opj_event_msg(pi->manager, EVT_ERROR,
"opj_pi_next_rlcp(): invalid compno0/compno1\n");
return OPJ_FALSE;
}
if (!pi->first) {
comp = &pi->comps[pi->compno];
res = &comp->resolutions[pi->resno];
@ -339,6 +353,13 @@ static OPJ_BOOL opj_pi_next_rpcl(opj_pi_iterator_t * pi)
opj_pi_resolution_t *res = NULL;
OPJ_UINT32 index = 0;
if (pi->poc.compno0 >= pi->numcomps ||
pi->poc.compno1 >= pi->numcomps + 1) {
opj_event_msg(pi->manager, EVT_ERROR,
"opj_pi_next_rpcl(): invalid compno0/compno1\n");
return OPJ_FALSE;
}
if (!pi->first) {
goto LABEL_SKIP;
} else {
@ -474,7 +495,7 @@ static OPJ_BOOL opj_pi_next_pcrl(opj_pi_iterator_t * pi)
if (pi->poc.compno0 >= pi->numcomps ||
pi->poc.compno1 >= pi->numcomps + 1) {
opj_event_msg(pi->manager, EVT_ERROR,
"opj_pi_next_pcrl(): invalid compno0/compno1");
"opj_pi_next_pcrl(): invalid compno0/compno1\n");
return OPJ_FALSE;
}
@ -612,7 +633,7 @@ static OPJ_BOOL opj_pi_next_cprl(opj_pi_iterator_t * pi)
if (pi->poc.compno0 >= pi->numcomps ||
pi->poc.compno1 >= pi->numcomps + 1) {
opj_event_msg(pi->manager, EVT_ERROR,
"opj_pi_next_cprl(): invalid compno0/compno1");
"opj_pi_next_cprl(): invalid compno0/compno1\n");
return OPJ_FALSE;
}
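Review bot: The guard added at the top of opj_pi_next_lrcp(), opj_pi_next_rlcp() and opj_pi_next_rpcl() reports a malformed POC by returning OPJ_FALSE, which is presumably the same value these iterators return when the progression is exhausted, so a caller that only tests the boolean would treat an out-of-range compno0/compno1 as a normal end of packets rather than as a decode error. The check also runs on every iterator call and now exists as five copies; rejecting the values once where the POC is stored (outside this diff), or routing all five through one static helper that takes the function name, would stop the copies drifting, as the missing `\n` corrected here in the pcrl and cprl variants already shows. The second comparison reads more directly as `pi->poc.compno1 > pi->numcomps`, which drops the `+ 1`, and it deserves a comment such as `/* compno1 is an exclusive upper bound, so numcomps itself is allowed */`. All five function bodies continue outside the hunks shown.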