opj_decompress: fix double-free on input directory with mix of valid and invalid images (CVE-2020-15389)

Fixes #1261

Credits to @Ruia-ruia for reporting and analysis.
This commit is contained in:
Even Rouault 2020-06-28 14:19:59 +02:00
parent 172c8ae5cf
commit e8e258ab04
No known key found for this signature in database
GPG Key ID: 33EBBFC47B3DD87D
1 changed files with 4 additions and 4 deletions

View File

@ -1316,10 +1316,6 @@ static opj_image_t* upsample_image_components(opj_image_t* original)
int main(int argc, char **argv) int main(int argc, char **argv)
{ {
opj_decompress_parameters parameters; /* decompression parameters */ opj_decompress_parameters parameters; /* decompression parameters */
opj_image_t* image = NULL;
opj_stream_t *l_stream = NULL; /* Stream */
opj_codec_t* l_codec = NULL; /* Handle to a decompressor */
opj_codestream_index_t* cstr_index = NULL;
OPJ_INT32 num_images, imageno; OPJ_INT32 num_images, imageno;
img_fol_t img_fol; img_fol_t img_fol;
@ -1393,6 +1389,10 @@ int main(int argc, char **argv)
/*Decoding image one by one*/ /*Decoding image one by one*/
for (imageno = 0; imageno < num_images ; imageno++) { for (imageno = 0; imageno < num_images ; imageno++) {
opj_image_t* image = NULL;
opj_stream_t *l_stream = NULL; /* Stream */
opj_codec_t* l_codec = NULL; /* Handle to a decompressor */
opj_codestream_index_t* cstr_index = NULL;
if (!parameters.quiet) { if (!parameters.quiet) {
fprintf(stderr, "\n"); fprintf(stderr, "\n");