Merge pull request #1491 from headshog/fix-j2k-header

Integer Overflow at j2k.c:11114
uclouvain · Dec 8, 2023 · 00e0bdc · 00e0bdc
2 parents 03afd06 + 67e6a79
commit 00e0bdc
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
@@ -11101,6 +11101,10 @@ static OPJ_BOOL opj_j2k_read_SQcd_SQcc(opj_j2k_t *p_j2k,
                 l_tccp->stepsizes[l_band_no].mant = 0;
             }
         }
+
+        if (*p_header_size < l_num_band) {
+            return OPJ_FALSE;
+        }
         *p_header_size = *p_header_size - l_num_band;
     } else {
         for (l_band_no = 0; l_band_no < l_num_band; l_band_no++) {
@@ -11111,6 +11115,10 @@ static OPJ_BOOL opj_j2k_read_SQcd_SQcc(opj_j2k_t *p_j2k,
                 l_tccp->stepsizes[l_band_no].mant = l_tmp & 0x7ff;
             }
         }
+
+        if (*p_header_size < 2 * l_num_band) {
+            return OPJ_FALSE;
+        }
         *p_header_size = *p_header_size - 2 * l_num_band;
     }