From c0cb119c0e6a18b6a9ac2ee4305acfb71b06a63c Mon Sep 17 00:00:00 2001
From: Matthieu Darbois
Date: Thu, 18 Dec 2014 22:19:52 +0000
Subject: [PATCH] [trunk] Fixed a crash on 0xh or wx0 image size decoding Update issue 427
---
 src/lib/openjp2/j2k.c | 5 +++--
 tests/nonregression/CMakeLists.txt | 1 +
 tests/nonregression/test_suite.ctest.in | 2 ++
 3 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
index ff00d7c4..656bf6de 100644
--- a/src/lib/openjp2/j2k.c
+++ b/src/lib/openjp2/j2k.c
@@ -1981,8 +1981,9 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k,
 }
 /* testcase 4035.pdf.SIGSEGV.d8b.3375 */
- if (l_image->x0 > l_image->x1 || l_image->y0 > l_image->y1) {
- opj_event_msg(p_manager, EVT_ERROR, "Error with SIZ marker: negative image size (%d x %d)\n", l_image->x1 - l_image->x0, l_image->y1 - l_image->y0);
+ /* testcase issue427-null-image-size.jp2 */
+ if ((l_image->x0 >= l_image->x1) || (l_image->y0 >= l_image->y1)) {
+ opj_event_msg(p_manager, EVT_ERROR, "Error with SIZ marker: negative or zero image size (%d x %d)\n", l_image->x1 - l_image->x0, l_image->y1 - l_image->y0);
 return OPJ_FALSE;
 }
 /* testcase 2539.pdf.SIGFPE.706.1712 (also 3622.pdf.SIGFPE.706.2916 and 4008.pdf.SIGFPE.706.3345 and maybe more) */
diff --git a/tests/nonregression/CMakeLists.txt b/tests/nonregression/CMakeLists.txt
index 242e52fe..be349ec0 100644
--- a/tests/nonregression/CMakeLists.txt
+++ b/tests/nonregression/CMakeLists.txt
@@ -43,6 +43,7 @@ set(BLACKLIST_JPEG2000_TMP
 edf_c2_1674177.jp2
 edf_c2_1673169.jp2
 issue429.jp2
+ issue427-null-image-size.jp2
 )
 # Define a list of file which should be gracefully rejected:
diff --git a/tests/nonregression/test_suite.ctest.in b/tests/nonregression/test_suite.ctest.in
index 4dcc0a67..ace54f94 100644
--- a/tests/nonregression/test_suite.ctest.in
+++ b/tests/nonregression/test_suite.ctest.in
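Review bot: In the j2k.c hunk (inside opj_j2k_read_siz), the new error message still formats `l_image->x1 - l_image->x0` and `l_image->y1 - l_image->y0` with `%d`. If these coordinates are the unsigned 32-bit fields they appear to be (their declaration is outside the hunk), the subtraction wraps before it is printed and the argument type does not match the conversion, so the logged "negative" size is only an artefact of reinterpretation. Computing the difference in a wider signed type, e.g. `(OPJ_INT64)l_image->x1 - (OPJ_INT64)l_image->x0` with a matching 64-bit conversion, or simply logging the four coordinates with `%u`, keeps the diagnostic accurate for malformed SIZ values. The function body starts and ends outside the hunk, so anything between the SIZ field reads and this guard that already uses the extents cannot be checked from here.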
@@ -229,6 +229,8 @@ opj_decompress -i @INPUT_NR_PATH@/issue411-ycc420.jp2 -o @TEMP_PATH@/issue411-yc
 !opj_decompress -i @INPUT_NR_PATH@/issue429.jp2 -o @TEMP_PATH@/issue429.jp2.pgx
 # issue 432 (from pdfium fuzz engine) Overflow in tcd tilec data size computation.
 !opj_decompress -i @INPUT_NR_PATH@/issue432.jp2 -o @TEMP_PATH@/issue432.jp2.pgx
+# issue 427 image width is 0
+!opj_decompress -i @INPUT_NR_PATH@/issue427-null-image-size.jp2 -o @TEMP_PATH@/issue427-null-image-size.jp2.pgx
 # decode with specific area
 # prec=12; nb_c=1
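Review bot: The added regression case exercises only a zero-width input, while the commit title and the new `>=` guard in opj_j2k_read_siz also cover zero height. A companion input with a zero-height SIZ would pin the second half of the condition, so a later edit to the y comparison cannot regress silently. Until such a file exists, the comment could say so, e.g. `# issue 427 image width is 0 (zero height goes through the same SIZ check, no input file yet)`.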