authorSimon Bünzli <zeniko@gmail.com>2014-01-12 23:00:19 +0100
committerRobin Watts <robin.watts@artifex.com>2014-01-13 17:22:02 +0000
commit51d9a5673e367f03677d9ec684ec0e79fe445dd1 (patch)
treef932b7b75bf4cd0594d66ca2c27f6d0cfdecd661
parent00f3869f8eecc202fe5f736825de5a5ee8ca4b3a (diff)
verify that openjpeg actually allocates data
This can be seen e.g. in: 5db811ac25ef543fd0cfa0873e155329_signal_sigsegv_c9b60f_9636_76.pdf Thanks to Mateusz Jurczyk and Gynvael Coldwind of the Google Security Team for providing the example files.
-rw-r--r--source/fitz/load-jpx.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/source/fitz/load-jpx.c b/source/fitz/load-jpx.c
index cd41277d..f1119433 100644
--- a/source/fitz/load-jpx.c
+++ b/source/fitz/load-jpx.c
@@ -145,6 +145,11 @@ fz_load_jpx(fz_context *ctx, unsigned char *data, int size, fz_colorspace *defcs
for (k = 1; k < (int)jpx->numcomps; k++)
{
+ if (!jpx->comps[k].data)
+ {
+ opj_image_destroy(jpx);
+ fz_throw(ctx, FZ_ERROR_GENERIC, "image components are missing data");
+ }
if (jpx->comps[k].w != jpx->comps[0].w)
{
opj_image_destroy(jpx);