author | Simon Bünzli <zeniko@gmail.com> | 2014-01-12 23:00:19 +0100 |
---|---|---|
committer | Robin Watts <robin.watts@artifex.com> | 2014-01-13 17:22:02 +0000 |
commit | 51d9a5673e367f03677d9ec684ec0e79fe445dd1 (patch) | |
tree | f932b7b75bf4cd0594d66ca2c27f6d0cfdecd661 /source/fitz | |
parent | 00f3869f8eecc202fe5f736825de5a5ee8ca4b3a (diff) | |
download | mupdf-51d9a5673e367f03677d9ec684ec0e79fe445dd1.tar.xz |
verify that openjpeg actually allocates data
This can be seen e.g. in:
5db811ac25ef543fd0cfa0873e155329_signal_sigsegv_c9b60f_9636_76.pdf
Thanks to Mateusz Jurczyk and Gynvael Coldwind of the Google Security
Team for providing the example files.
Diffstat (limited to 'source/fitz')
-rw-r--r-- | source/fitz/load-jpx.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/source/fitz/load-jpx.c b/source/fitz/load-jpx.c index cd41277d..f1119433 100644 --- a/source/fitz/load-jpx.c +++ b/source/fitz/load-jpx.c @@ -145,6 +145,11 @@ fz_load_jpx(fz_context *ctx, unsigned char *data, int size, fz_colorspace *defcs for (k = 1; k < (int)jpx->numcomps; k++) { + if (!jpx->comps[k].data) + { + opj_image_destroy(jpx); + fz_throw(ctx, FZ_ERROR_GENERIC, "image components are missing data"); + } if (jpx->comps[k].w != jpx->comps[0].w) { opj_image_destroy(jpx); |
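Review bot: the new `!jpx->comps[k].data` test sits inside the loop that starts at `k = 1`, so component 0 is never checked by this hunk, even though the following comparison in the same loop body already relies on `jpx->comps[0]`. Unless `comps[0].data` is validated before this loop (not visible in the context shown), add the same check for index 0 ahead of the loop, with the same `opj_image_destroy(jpx)` and `fz_throw` path, since a decoder that can leave `data` unallocated for a later component may do so for the first one too. Consider also including `k` in the "image components are missing data" message so the offending component can be identified from the error alone.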