From 341b5c2c1cbd310d29ef3db2dbea1ec9b1b981ec Mon Sep 17 00:00:00 2001
From: Nicolas Pena <npm@chromium.org>
Date: Thu, 19 Jan 2017 12:42:20 -0500
Subject: Return error in opj_j2k_read_header_procedure if l_marker_size < 2
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

If we do not do this check, it will overflow to a huge unsigned int, so
we will allocate a lot of memory etc.

BUG=682182

Change-Id: I24b6654860c43e5d4deea753868b9d842f859cff
Reviewed-on: https://pdfium-review.googlesource.com/2272
Reviewed-by: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
---
 third_party/libopenjpeg20/README.pdfium | 1 +
 1 file changed, 1 insertion(+)

(limited to 'third_party/libopenjpeg20/README.pdfium')

diff --git a/third_party/libopenjpeg20/README.pdfium b/third_party/libopenjpeg20/README.pdfium
index 283daf609f..0f453373f9 100644
--- a/third_party/libopenjpeg20/README.pdfium
+++ b/third_party/libopenjpeg20/README.pdfium
@@ -33,4 +33,5 @@ Local Modifications:
 0021-tcd_init_tile_negative.patch: Prevent negative x, y values in opj_tcd_init_tile.
 0022-jp2_apply_pclr_overflow.patch: Prevent integer overflow in opj_jp2_apply_pclr.
 0023-opj_j2k_read_mct_records.patch: Fix opj_j2k_read to prevent heap-use-after-free.
+0024-l_marker_size_check.patch: Return error before overflow in opj_j2k_read_header_procedure.
 TODO(thestig): List all the other patches.
-- 
cgit v1.2.3