diff options
author | stackexploit <stackexploit@gmail.com> | 2016-06-20 11:23:46 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2016-06-20 11:23:46 -0700 |
commit | 338a6b75994eb148d429b7abccfffaf7ae9f9b55 (patch) | |
tree | 539b10bfa8efa07d21e7e48399efe8895936aae0 /third_party/libopenjpeg20/j2k.c | |
parent | c5a8f217fedc1224104b34f7577044776a9d83d8 (diff) | |
download | pdfium-338a6b75994eb148d429b7abccfffaf7ae9f9b55.tar.xz |
openjpeg: Prevent a buffer overflow in opj_j2k_read_SQcd_SQcc.
BUG=chromium:619405
R=ochang@chromium.org
Review-Url: https://codereview.chromium.org/2071773002
Diffstat (limited to 'third_party/libopenjpeg20/j2k.c')
-rw-r--r-- | third_party/libopenjpeg20/j2k.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/third_party/libopenjpeg20/j2k.c b/third_party/libopenjpeg20/j2k.c index c7aa8db222..b5f6fe90f5 100644 --- a/third_party/libopenjpeg20/j2k.c +++ b/third_party/libopenjpeg20/j2k.c @@ -9010,7 +9010,9 @@ static OPJ_BOOL opj_j2k_read_SQcd_SQcc(opj_j2k_t *p_j2k, p_j2k->m_specific_param.m_decoder.m_default_tcp; /* precondition again*/ - assert(p_comp_no < p_j2k->m_private_image->numcomps); + if (p_comp_no >= p_j2k->m_private_image->numcomps) { + return OPJ_FALSE; + } l_tccp = &l_tcp->tccps[p_comp_no]; l_current_ptr = p_header_data; |