
openjpeg2-2.2.0-1.4.mga6.src.rpm

--- a/src/lib/openjp2/j2k.c.orig	2017-12-28 11:42:18.905030299 -0500
+++ b/src/lib/openjp2/j2k.c	2017-12-28 11:57:38.782344064 -0500
@@ -839,6 +839,7 @@ static OPJ_BOOL opj_j2k_write_tlm(opj_j2
 */
 static OPJ_BOOL opj_j2k_write_sot(opj_j2k_t *p_j2k,
                                   OPJ_BYTE * p_data,
+                                  OPJ_UINT32 p_total_data_size,
                                   OPJ_UINT32 * p_data_written,
                                   const opj_stream_private_t *p_stream,
                                   opj_event_mgr_t * p_manager);
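Review bot: The doc comment that closes just above this prototype is not updated for the new `p_total_data_size` argument; its text lies outside the hunk, so this is inferred from the unchanged context. If it lists parameters, add an entry such as `@param p_total_data_size number of bytes still available in the buffer at p_data`. That makes clear the value is the remaining space, not the size of the whole tile buffer.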
@@ -4201,6 +4202,7 @@ static OPJ_BOOL opj_j2k_write_tlm(opj_j2
 
 static OPJ_BOOL opj_j2k_write_sot(opj_j2k_t *p_j2k,
                                   OPJ_BYTE * p_data,
+                                  OPJ_UINT32 p_total_data_size,
                                   OPJ_UINT32 * p_data_written,
                                   const opj_stream_private_t *p_stream,
                                   opj_event_mgr_t * p_manager
@@ -4212,7 +4214,12 @@ static OPJ_BOOL opj_j2k_write_sot(opj_j2
     assert(p_stream != 00);
 
     OPJ_UNUSED(p_stream);
-    OPJ_UNUSED(p_manager);
+
+    if (p_total_data_size < 12) {
+        opj_event_msg(p_manager, EVT_ERROR,
+		      "Not enough bytes in output buffer to write SOT marker\n");
+	return OPJ_FALSE;
+    }
 
     opj_write_bytes(p_data, J2K_MS_SOT,
                     2);                                 /* SOT */
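Review bot: The literal `12` in the added guard is the full SOT marker segment length, but nothing ties it to the sequence of `opj_write_bytes` calls that follows, most of which lie outside this hunk. A comment on the check would keep the bound and the writes in step, for example `/* SOT segment: marker(2) + Lsot(2) + Isot(2) + Psot(4) + TPsot(1) + TNsot(1) */`. The added lines also mix tabs and spaces, while the surrounding code indents with four spaces. The existing `assert` calls disappear in release builds, so this runtime check is the only bound that applies there.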
@@ -4608,6 +4615,12 @@ static OPJ_BOOL opj_j2k_write_sod(opj_j2
 
     OPJ_UNUSED(p_stream);
 
+    if (p_total_data_size < 4) {
+        opj_event_msg(p_manager, EVT_ERROR,
+		      "Not enough bytes in output buffer to write SOD marker\n");
+	return OPJ_FALSE;
+    }
+
     opj_write_bytes(p_data, J2K_MS_SOD,
                     2);                                 /* SOD */
     p_data += 2;
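Review bot: The guard requires 4 bytes, but the only write visible in this hunk is the 2-byte SOD marker, so the threshold reads as an unexplained constant. Presumably the extra 2 bytes are reserved for something later in opj_j2k_write_sod, whose body continues outside the hunk, or protect a later unsigned subtraction from `p_total_data_size`. Either way, state it next to the check, e.g. `/* 2 bytes for SOD plus 2 bytes kept in reserve, see the remaining-size computation below */`. The added lines also use tab indentation where the file uses spaces.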
@@ -11472,7 +11485,7 @@ static OPJ_BOOL opj_j2k_write_first_tile
 
     l_current_nb_bytes_written = 0;
     l_begin_data = p_data;
-    if (! opj_j2k_write_sot(p_j2k, p_data, &l_current_nb_bytes_written, p_stream,
+    if (! opj_j2k_write_sot(p_j2k, p_data, p_total_data_size, &l_current_nb_bytes_written, p_stream,
                             p_manager)) {
         return OPJ_FALSE;
     }
@@ -11564,7 +11577,7 @@ static OPJ_BOOL opj_j2k_write_all_tile_p
         l_part_tile_size = 0;
         l_begin_data = p_data;
 
-        if (! opj_j2k_write_sot(p_j2k, p_data, &l_current_nb_bytes_written, p_stream,
+        if (! opj_j2k_write_sot(p_j2k, p_data, p_total_data_size, &l_current_nb_bytes_written, p_stream,
                                 p_manager)) {
             return OPJ_FALSE;
         }
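Review bot: Passing `p_total_data_size` to `opj_j2k_write_sot` here only bounds the write if that variable holds the bytes left at `p_data` for the current tile part. This call appears to sit inside a loop in opj_j2k_write_all_tile_parts, and the hunk does not show the size being reduced as `p_data` advances. Confirm that each iteration subtracts the bytes already written before the next SOT; otherwise the `< 12` guard compares against a stale size and can pass with fewer bytes remaining. The same applies to the second call in the following hunk (-11607). The function body extends beyond both hunks.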
@@ -11607,7 +11620,7 @@ static OPJ_BOOL opj_j2k_write_all_tile_p
             l_part_tile_size = 0;
             l_begin_data = p_data;
 
-            if (! opj_j2k_write_sot(p_j2k, p_data, &l_current_nb_bytes_written, p_stream,
+            if (! opj_j2k_write_sot(p_j2k, p_data, p_total_data_size, &l_current_nb_bytes_written, p_stream,
                                     p_manager)) {
                 return OPJ_FALSE;
             }
--- a/src/lib/openjp2/t2.c.orig	2017-12-28 11:42:18.905030299 -0500
+++ b/src/lib/openjp2/t2.c	2017-12-28 11:59:41.883831071 -0500
@@ -618,6 +618,9 @@ static OPJ_BOOL opj_t2_encode_packet(OPJ
 
     /* <SOP 0xff91> */
     if (tcp->csty & J2K_CP_CSTY_SOP) {
+        if (length < 6) {
+		return OPJ_FALSE;
+	}
         c[0] = 255;
         c[1] = 145;
         c[2] = 0;
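Review bot: The new `length < 6` guard returns `OPJ_FALSE` with no diagnostic, unlike the j2k.c checks in this patch, which report through `opj_event_msg`. If failure of opj_t2_encode_packet is also used to signal that a packet does not fit, the silence may be intentional, but then a comment should say so, e.g. `/* SOP segment is 6 bytes: marker(2) + Lsop(2) + Nsop(2) */`. The guard is only sound if `length` is decremented along with `c` after each write, which happens outside the visible lines. The same points apply to the `length < 2` EPH check in the next hunk, where only `c += 2;` is visible. Both added blocks are tab-indented in a file that uses spaces.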
@@ -806,6 +809,9 @@ static OPJ_BOOL opj_t2_encode_packet(OPJ
 
     /* <EPH 0xff92> */
     if (tcp->csty & J2K_CP_CSTY_EPH) {
+        if (length < 2) {
+		return OPJ_FALSE;
+	}
         c[0] = 255;
         c[1] = 146;
         c += 2;