From 959ebdab5e8f719cd2bfbb4535ea7f4a11cd7283 Mon Sep 17 00:00:00 2001
From: Antonin Descampe
Date: Wed, 30 Sep 2015 09:00:50 +0200
Subject: [PATCH] Gracefully reject codestreams with malformed SIZ markers

Update #603
---
 libopenjpeg/j2k.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/libopenjpeg/j2k.c b/libopenjpeg/j2k.c
index 2bca97ac..71c1c8bb 100644
--- a/libopenjpeg/j2k.c
+++ b/libopenjpeg/j2k.c
@@ -432,13 +432,17 @@ static void j2k_read_siz(opj_j2k_t *j2k) {
 opj_event_msg(j2k->cinfo, EVT_ERROR, "invalid image size (x0:%d, x1:%d, y0:%d, y1:%d)\n", image->x0,image->x1,image->y0,image->y1);
+ j2k->state |= J2K_STATE_ERR;
 return;
 }
 n_comps = (len - 36 - 2 ) / 3;
- assert( (len - 36 - 2 ) % 3 == 0 );
- image->numcomps = cio_read(cio, 2); /* Csiz */
- assert( n_comps == image->numcomps );
+ image->numcomps = cio_read(cio, 2); /* Csiz */
+ if (((len - 36 - 2 ) % 3 != 0)||(n_comps != image->numcomps)) {
+ opj_event_msg(j2k->cinfo, EVT_ERROR,"invalid SIZ marker value\n");
+ j2k->state |= J2K_STATE_ERR;
+ return;
+ }
 /* testcase 4035.pdf.SIGSEGV.d8b.3375 */
 if (image->x0 > image->x1 || image->y0 > image->y1) {