Fix Heap-buffer-overflow READ in opj_jp2_apply_pclr (#1441)
The issue was found while fuzzing opencv: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47342 The read overflow triggered by reading `src[j]` in ```cpp for (j = 0; j < max; ++j) { dst[j] = src[j]; } ``` The max is calculated as `new_comps[pcol].w * new_comps[pcol].h`, however the `src = old_comps[cmp].data;` which may have different `w` and `h` dimensions.
This commit is contained in:
parent
49fea5c45e
commit
be95561917
|
@ -1108,7 +1108,7 @@ static OPJ_BOOL opj_jp2_apply_pclr(opj_image_t *image,
|
|||
pcol = cmap[i].pcol;
|
||||
src = old_comps[cmp].data;
|
||||
assert(src); /* verified above */
|
||||
max = new_comps[pcol].w * new_comps[pcol].h;
|
||||
max = new_comps[i].w * new_comps[i].h;
|
||||
|
||||
/* Direct use: */
|
||||
if (cmap[i].mtyp == 0) {
|
||||
|
|
Loading…
Reference in New Issue