Upstream patch for CVE-2012-3535. --- libopenjpeg/j2k.c 2012-10-02 13:20:29.000000000 +0000 +++ libopenjpeg/j2k.c.oden 2012-10-02 13:20:43.000000000 +0000 @@ -720,6 +720,13 @@ static void j2k_read_cox(opj_j2k_t *j2k, j2k->state |= J2K_STATE_ERR; } + if( tccp->numresolutions > J2K_MAXRLVLS ) { + opj_event_msg(j2k->cinfo, EVT_ERROR, "Error decoding component %d.\nThe number of resolutions is too big: %d vs max= %d. Truncating.\n\n", + compno, tccp->numresolutions, J2K_MAXRLVLS); + j2k->state |= J2K_STATE_ERR; + tccp->numresolutions = J2K_MAXRLVLS; + } + tccp->cblkw = cio_read(cio, 1) + 2; /* SPcox (E) */ tccp->cblkh = cio_read(cio, 1) + 2; /* SPcox (F) */ tccp->cblksty = cio_read(cio, 1); /* SPcox (G) */