[PATCH] opj_j2k_update_image_dimensions(): reject images whose coordinates are beyond INT_MAX (fixes #1228)

Gbp-Pq: Name CVE-2020-6851.patch
This commit is contained in:
Even Rouault 2020-01-11 01:51:19 +01:00 committed by openKylinBot
parent 7ff9b4fd9b
commit ff08967f85
1 changed files with 8 additions and 0 deletions

View File

@ -9236,6 +9236,14 @@ static OPJ_BOOL opj_j2k_update_image_dimensions(opj_image_t* p_image,
l_img_comp = p_image->comps; l_img_comp = p_image->comps;
for (it_comp = 0; it_comp < p_image->numcomps; ++it_comp) { for (it_comp = 0; it_comp < p_image->numcomps; ++it_comp) {
OPJ_INT32 l_h, l_w; OPJ_INT32 l_h, l_w;
if (p_image->x0 > (OPJ_UINT32)INT_MAX ||
p_image->y0 > (OPJ_UINT32)INT_MAX ||
p_image->x1 > (OPJ_UINT32)INT_MAX ||
p_image->y1 > (OPJ_UINT32)INT_MAX) {
opj_event_msg(p_manager, EVT_ERROR,
"Image coordinates above INT_MAX are not supported\n");
return OPJ_FALSE;
}
l_img_comp->x0 = (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)p_image->x0, l_img_comp->x0 = (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)p_image->x0,
(OPJ_INT32)l_img_comp->dx); (OPJ_INT32)l_img_comp->dx);