From e13ad88925bde037f4ed3b60f9ea5f01b883aa6e Mon Sep 17 00:00:00 2001
From: Nicolas Pena
Date: Tue, 28 Feb 2017 18:24:29 -0500
Subject: LibOpenJPEG upstream: check size in opj_j2k_read_siz
This happens to fix the bug in question but I suspect they still do not have enough checks to prevent undefined shifts.
Patch: https://github.com/uclouvain/openjpeg/pull/762/commits/5afb4d0546dd1b0a162b4e895cfdcfa4b32f1180
BUG=694042
Change-Id: I9466eb2b095f07233517ff5f1bcb0c2437be78ac
Reviewed-on: https://pdfium-review.googlesource.com/2888
Commit-Queue: dsinclair
Reviewed-by: dsinclair
---
...8-upstream-check-size-in-opj_j2k_read_siz.patch | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
create mode 100644 third_party/libopenjpeg20/0028-upstream-check-size-in-opj_j2k_read_siz.patch
(limited to 'third_party/libopenjpeg20/0028-upstream-check-size-in-opj_j2k_read_siz.patch')
diff --git a/third_party/libopenjpeg20/0028-upstream-check-size-in-opj_j2k_read_siz.patch b/third_party/libopenjpeg20/0028-upstream-check-size-in-opj_j2k_read_siz.patch
new file mode 100644
index 0000000000..22d5562a77
--- /dev/null
+++ b/third_party/libopenjpeg20/0028-upstream-check-size-in-opj_j2k_read_siz.patch
@@ -0,0 +1,22 @@
+diff --git a/third_party/libopenjpeg20/j2k.c b/third_party/libopenjpeg20/j2k.c
+index e77edd22b..cb5a28373 100644
+--- a/third_party/libopenjpeg20/j2k.c
++++ b/third_party/libopenjpeg20/j2k.c
+@@ -2117,10 +2117,16 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k,
+ if( l_img_comp->dx < 1 || l_img_comp->dx > 255 ||
+ l_img_comp->dy < 1 || l_img_comp->dy > 255 ) {
+ opj_event_msg(p_manager, EVT_ERROR,
+- "Invalid values for comp = %d : dx=%u dy=%u\n (should be between 1 and 255 according the JPEG2000 norm)",
++ "Invalid values for comp = %d : dx=%u dy=%u (should be between 1 and 255 according to the JPEG2000 norm)\n",
+ i, l_img_comp->dx, l_img_comp->dy);
+ return OPJ_FALSE;
+ }
++ if( l_img_comp->prec > 38) { /* TODO openjpeg won't handle more than ? */
++ opj_event_msg(p_manager, EVT_ERROR,
++ "Invalid values for comp = %d : prec=%u (should be between 1 and 38 according to the JPEG2000 norm)\n",
++ i, l_img_comp->prec);
++ return OPJ_FALSE;
++ }
+
+ #ifdef USE_JPWL
+ if (l_cp->correct) {
-- cgit v1.2.3
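Review bot: The new `prec > 38` guard in the embedded j2k.c hunk still admits precisions of 32 to 38, which is wider than a 32-bit integer, so any later shift by `prec` on a 32-bit value would remain undefined; the commit message and the `TODO` comment both suggest the limit was not derived from what the decoder can actually handle. If the decoder works on 32-bit samples (not visible here), the bound should be the supported width, for example `if( l_img_comp->prec < 1 || l_img_comp->prec > 31 ) {`, with the message reworded to say it is an implementation limit rather than the JPEG2000 norm. The error text also promises a lower bound of 1 that the condition does not enforce, which is harmless only if `prec` is computed so that it can never be 0, and that computation lies outside this hunk. `opj_j2k_read_siz` begins and ends outside the hunk, and this page is limited to the `.patch` record, so it is worth confirming that the same change is applied to `j2k.c` itself.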