From 51d9a5673e367f03677d9ec684ec0e79fe445dd1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simon=20B=C3=BCnzli?=
Date: Sun, 12 Jan 2014 23:00:19 +0100
Subject: verify that openjpeg actually allocates data

This can be seen e.g. in: 5db811ac25ef543fd0cfa0873e155329_signal_sigsegv_c9b60f_9636_76.pdf Thanks to Mateusz Jurczyk and Gynvael Coldwind of the Google Security Team for providing the example files.
---
 source/fitz/load-jpx.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/source/fitz/load-jpx.c b/source/fitz/load-jpx.c
index cd41277d..f1119433 100644
--- a/source/fitz/load-jpx.c
+++ b/source/fitz/load-jpx.c
@@ -145,6 +145,11 @@ fz_load_jpx(fz_context *ctx, unsigned char *data, int size, fz_colorspace *defcs
 for (k = 1; k < (int)jpx->numcomps; k++)
 {
+ if (!jpx->comps[k].data)
+ {
+ opj_image_destroy(jpx);
+ fz_throw(ctx, FZ_ERROR_GENERIC, "image components are missing data");
+ }
 if (jpx->comps[k].w != jpx->comps[0].w)
 {
 opj_image_destroy(jpx);
-- 
cgit v1.2.3
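Review bot: The added NULL check only covers comps[1..numcomps-1], because the enclosing loop starts at k = 1, so comps[0].data — the component the existing width check compares the others against — is never validated in this hunk; unless it is checked before the loop (outside this hunk), add `if (!jpx->comps[0].data) { opj_image_destroy(jpx); fz_throw(ctx, FZ_ERROR_GENERIC, "image components are missing data"); }` ahead of the for, or start the check from k = 0. The destroy-then-throw pair mirrors the existing w-mismatch branch, which keeps cleanup consistent, though the growing number of branches that repeat `opj_image_destroy(jpx);` before every throw suggests a single cleanup path (fz_try/fz_always or a goto label) would be less error-prone if more checks are added. A short comment on the new check, `/* openjpeg can report a component without allocating its buffer on malformed input; reject it before any later code dereferences comps[k].data */`, would record why the test is needed. fz_load_jpx begins and continues outside the hunk.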