Return error in opj_j2k_read_header_procedure if l_marker_size < 2

If we do not do this check, it will overflow to a huge unsigned int, so we will allocate a lot of memory etc. BUG=682182 Change-Id: I24b6654860c43e5d4deea753868b9d842f859cff Reviewed-on: https://pdfium-review.googlesource.com/2272 Reviewed-by: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
author: Nicolas Pena <npm@chromium.org> 2017-01-19 12:42:20 -0500
committer: Chromium commit bot <commit-bot@chromium.org> 2017-01-19 18:32:40 +0000
commit: 341b5c2c1cbd310d29ef3db2dbea1ec9b1b981ec (patch)
tree: 2d90abe61ac7c2ae5cada27563b7eb325fe6858e /third_party/libopenjpeg20/README.pdfium
parent: 95bec8046a28928df627ce4d48eee8b209b3e36e (diff)
download: pdfium-341b5c2c1cbd310d29ef3db2dbea1ec9b1b981ec.tar.xz
1 files changed, 1 insertions, 0 deletions
diff --git a/third_party/libopenjpeg20/README.pdfium b/third_party/libopenjpeg20/README.pdfium
index 283daf609f..0f453373f9 100644
--- a/third_party/libopenjpeg20/README.pdfium
+++ b/third_party/libopenjpeg20/README.pdfium
@@ -33,4 +33,5 @@ Local Modifications:
 0021-tcd_init_tile_negative.patch: Prevent negative x, y values in opj_tcd_init_tile.
 0022-jp2_apply_pclr_overflow.patch: Prevent integer overflow in opj_jp2_apply_pclr.
 0023-opj_j2k_read_mct_records.patch: Fix opj_j2k_read to prevent heap-use-after-free.
+0024-l_marker_size_check.patch: Return error before overflow in opj_j2k_read_header_procedure.
 TODO(thestig): List all the other patches.
author	Nicolas Pena <npm@chromium.org>	2017-01-19 12:42:20 -0500
committer	Chromium commit bot <commit-bot@chromium.org>	2017-01-19 18:32:40 +0000
commit	341b5c2c1cbd310d29ef3db2dbea1ec9b1b981ec (patch)
tree	2d90abe61ac7c2ae5cada27563b7eb325fe6858e /third_party/libopenjpeg20/README.pdfium
parent	95bec8046a28928df627ce4d48eee8b209b3e36e (diff)
download	pdfium-341b5c2c1cbd310d29ef3db2dbea1ec9b1b981ec.tar.xz