blob: 25c3933c655de3959c92f10486b131220a073d9e [file] [log] [blame] [edit]
commit dea92eea8b6ab55f7eb542ea229b2c2124aa2124
Author: Even Rouault <even.rouault@spatialys.com>
Date: Fri Jun 21 15:08:24 2024 +0200
opj_j2k_read_sod(): validate opj_stream_read_data() return to avoid potential later heap-buffer-overflow in in opj_t1_decode_cblk when disabling strict mode
Fixes #1533
diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
index 293f7579..7cdeffd7 100644
--- a/src/lib/openjp2/j2k.c
+++ b/src/lib/openjp2/j2k.c
@@ -5059,6 +5059,11 @@ static OPJ_BOOL opj_j2k_read_sod(opj_j2k_t *p_j2k,
}
if (l_current_read_size != p_j2k->m_specific_param.m_decoder.m_sot_length) {
+ if (l_current_read_size == (OPJ_SIZE_T)(-1)) {
+ /* Avoid issue of https://github.com/uclouvain/openjpeg/issues/1533 */
+ opj_event_msg(p_manager, EVT_ERROR, "Stream too short\n");
+ return OPJ_FALSE;
+ }
p_j2k->m_specific_param.m_decoder.m_state = J2K_STATE_NEOC;
} else {
p_j2k->m_specific_param.m_decoder.m_state = J2K_STATE_TPHSOT;