From 7ce3f3c1a636439a6f0dc5fffc58f7f69f9febd4 Mon Sep 17 00:00:00 2001
From: Mathieu Malaterre <mathieu.malaterre@gmail.com>
Date: Tue, 25 Feb 2014 13:50:29 +0000
Subject: [PATCH] [trunk] Import commit
 4cee6ceab21025079f439bb152fb9d8ae8c5c832 from ghostpdl

Bug 694906: fix potential heap overflow in opj_t2_read_packet_header

Update issue 225
---
 src/lib/openjp2/t2.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/lib/openjp2/t2.c b/src/lib/openjp2/t2.c
index 7c1eb704..17d5b22c 100644
--- a/src/lib/openjp2/t2.c
+++ b/src/lib/openjp2/t2.c
@@ -885,7 +885,9 @@ OPJ_BOOL opj_t2_read_packet_header( opj_t2_t* p_t2,
 
                 /* EPH markers */
                 if (p_tcp->csty & J2K_CP_CSTY_EPH) {
-                        if ((*l_header_data) != 0xff || (*(l_header_data + 1) != 0x92)) {
+                        if (p_max_length < 2) {
+                                fprintf(stderr, "Not enough space for expected EPH marker\n");
+                        } else if ((*l_header_data) != 0xff || (*(l_header_data + 1) != 0x92)) {
                                 printf("Error : expected EPH marker\n");
                         } else {
                                 l_header_data += 2;
@@ -1014,7 +1016,9 @@ OPJ_BOOL opj_t2_read_packet_header( opj_t2_t* p_t2,
 
         /* EPH markers */
         if (p_tcp->csty & J2K_CP_CSTY_EPH) {
-                if ((*l_header_data) != 0xff || (*(l_header_data + 1) != 0x92)) {
+                if (p_max_length < 2) {
+                        fprintf(stderr, "Not enough space for expected EPH marker\n");
+                } else if ((*l_header_data) != 0xff || (*(l_header_data + 1) != 0x92)) {
                         /* TODO opj_event_msg(t2->cinfo->event_mgr, EVT_ERROR, "Expected EPH marker\n"); */
                 } else {
                         l_header_data += 2;