From 70f5e0a0df0b97a5675673b779105dc8e5cfed30 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Tue, 18 Jan 2022 15:44:18 +0100
Subject: [PATCH] opj_j2k_setup_encoder(): validate number of tiles to avoid
 illegal values and potential overflow (fixes #1399)

---
 src/lib/openjp2/j2k.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
index 91683f55..e1901a31 100644
--- a/src/lib/openjp2/j2k.c
+++ b/src/lib/openjp2/j2k.c
@@ -7953,6 +7953,13 @@ OPJ_BOOL opj_j2k_setup_encoder(opj_j2k_t *p_j2k,
                                              (OPJ_INT32)cp->tdx);
         cp->th = (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)(image->y1 - cp->ty0),
                                              (OPJ_INT32)cp->tdy);
+        /* Check that the number of tiles is valid */
+        if (cp->tw > 65535 / cp->th) {
+            opj_event_msg(p_manager, EVT_ERROR,
+                          "Invalid number of tiles : %u x %u (maximum fixed by jpeg2000 norm is 65535 tiles)\n",
+                          cp->tw, cp->th);
+            return OPJ_FALSE;
+        }
     } else {
         cp->tdx = image->x1 - cp->tx0;
         cp->tdy = image->y1 - cp->ty0;