diff options
author | Shailesh Mistry <shailesh.mistry@hotmail.co.uk> | 2014-02-14 18:20:36 +0100 |
---|---|---|
committer | Henry Stiles <henry.stiles@artifex.com> | 2014-02-23 20:05:24 -0700 |
commit | b17894bfedaf7b76edac15f681a4bd08717c65c0 (patch) | |
tree | 81a8c975138cefa65c8c0d600135ab91e599cd88 | |
parent | 7bd3739a888f70edf0270891782a88a547f5e829 (diff) | |
download | ghostpdl-b17894bfedaf7b76edac15f681a4bd08717c65c0.tar.gz |
Bug 694906: fix potential heap overflow in opj_t2_read_packet_header
Signed-off-by: Henry Stiles <henry.stiles@artifex.com>
-rw-r--r-- | gs/openjpeg/libopenjpeg/t2.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/gs/openjpeg/libopenjpeg/t2.c b/gs/openjpeg/libopenjpeg/t2.c index 5ba0c7319..8dbe6ed49 100644 --- a/gs/openjpeg/libopenjpeg/t2.c +++ b/gs/openjpeg/libopenjpeg/t2.c @@ -889,7 +889,9 @@ OPJ_BOOL opj_t2_read_packet_header( opj_t2_t* p_t2, /* EPH markers */ if (p_tcp->csty & J2K_CP_CSTY_EPH) { - if ((*l_header_data) != 0xff || (*(l_header_data + 1) != 0x92)) { + if (p_max_length < 2) { + fprintf(stderr, "Not enough space for expected EPH marker\n"); + } else if ((*l_header_data) != 0xff || (*(l_header_data + 1) != 0x92)) { fprintf(stderr, "Error : expected EPH marker\n"); } else { l_header_data += 2; @@ -1018,7 +1020,9 @@ OPJ_BOOL opj_t2_read_packet_header( opj_t2_t* p_t2, /* EPH markers */ if (p_tcp->csty & J2K_CP_CSTY_EPH) { - if ((*l_header_data) != 0xff || (*(l_header_data + 1) != 0x92)) { + if (p_max_length < 2) { + fprintf(stderr, "Not enough space for expected EPH marker\n"); + } else if ((*l_header_data) != 0xff || (*(l_header_data + 1) != 0x92)) { /* TODO opj_event_msg(t2->cinfo->event_mgr, EVT_ERROR, "Expected EPH marker\n"); */ } else { l_header_data += 2; |