LibOpenJPEG upstream: check size in opj_j2k_read_siz

This happens to fix the bug in question but I suspect they still do not have enough checks to prevent undefined shifts. Patch: https://github.com/uclouvain/openjpeg/pull/762/commits/5afb4d0546dd1b0a162b4e895cfdcfa4b32f1180 BUG=694042 Change-Id: I9466eb2b095f07233517ff5f1bcb0c2437be78ac Reviewed-on: https://pdfium-review.googlesource.com/2888 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
author: Nicolas Pena <npm@chromium.org> 2017-02-28 18:24:29 -0500
committer: Chromium commit bot <commit-bot@chromium.org> 2017-03-01 16:25:24 +0000
commit: e13ad88925bde037f4ed3b60f9ea5f01b883aa6e (patch)
tree: 7014ced156dcf9e1ebde1b34cff7dab76292886e /third_party/libopenjpeg20/0028-upstream-check-size-in-opj_j2k_read_siz.patch
parent: d1aee7ce47383377888a3b88bfffc340330190da (diff)
download: pdfium-e13ad88925bde037f4ed3b60f9ea5f01b883aa6e.tar.xz
1 files changed, 22 insertions, 0 deletions
diff --git a/third_party/libopenjpeg20/0028-upstream-check-size-in-opj_j2k_read_siz.patch b/third_party/libopenjpeg20/0028-upstream-check-size-in-opj_j2k_read_siz.patch
new file mode 100644
index 0000000000..22d5562a77
--- /dev/null
+++ b/third_party/libopenjpeg20/0028-upstream-check-size-in-opj_j2k_read_siz.patch
@@ -0,0 +1,22 @@
+diff --git a/third_party/libopenjpeg20/j2k.c b/third_party/libopenjpeg20/j2k.c
+index e77edd22b..cb5a28373 100644
+--- a/third_party/libopenjpeg20/j2k.c
++++ b/third_party/libopenjpeg20/j2k.c
+@@ -2117,10 +2117,16 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k,
+                 if( l_img_comp->dx < 1 || l_img_comp->dx > 255 ||
+                     l_img_comp->dy < 1 || l_img_comp->dy > 255 ) {
+                     opj_event_msg(p_manager, EVT_ERROR,
+-                                  "Invalid values for comp = %d : dx=%u dy=%u\n (should be between 1 and 255 according the JPEG2000 norm)",
++                                  "Invalid values for comp = %d : dx=%u dy=%u (should be between 1 and 255 according to the JPEG2000 norm)\n",
+                                   i, l_img_comp->dx, l_img_comp->dy);
+                     return OPJ_FALSE;
+                 }
++                if( l_img_comp->prec > 38) { /* TODO openjpeg won't handle more than ? */
++                    opj_event_msg(p_manager, EVT_ERROR,
++                                  "Invalid values for comp = %d : prec=%u (should be between 1 and 38 according to the JPEG2000 norm)\n",
++                                  i, l_img_comp->prec);
++                    return OPJ_FALSE;
++                }
+ 
+ #ifdef USE_JPWL
+                 if (l_cp->correct) {
author	Nicolas Pena <npm@chromium.org>	2017-02-28 18:24:29 -0500
committer	Chromium commit bot <commit-bot@chromium.org>	2017-03-01 16:25:24 +0000
commit	e13ad88925bde037f4ed3b60f9ea5f01b883aa6e (patch)
tree	7014ced156dcf9e1ebde1b34cff7dab76292886e /third_party/libopenjpeg20/0028-upstream-check-size-in-opj_j2k_read_siz.patch
parent	d1aee7ce47383377888a3b88bfffc340330190da (diff)
download	pdfium-e13ad88925bde037f4ed3b60f9ea5f01b883aa6e.tar.xz