[trunk] Fixed a crash on illegal tile offset when decoding
Update issue 427
This commit is contained in:
parent
c0cb119c0e
commit
58fc86452d
@ -1919,7 +1919,7 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k,
|
||||
OPJ_UINT32 l_nb_comp_remain;
|
||||
OPJ_UINT32 l_remaining_size;
|
||||
OPJ_UINT32 l_nb_tiles;
|
||||
OPJ_UINT32 l_tmp;
|
||||
OPJ_UINT32 l_tmp, l_tx1, l_ty1;
|
||||
opj_image_t *l_image = 00;
|
||||
opj_cp_t *l_cp = 00;
|
||||
opj_image_comp_t * l_img_comp = 00;
|
||||
@ -1998,6 +1998,20 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k,
|
||||
return OPJ_FALSE;
|
||||
}
|
||||
|
||||
/* testcase issue427-illegal-tile-offset.jp2 */
|
||||
l_tx1 = l_cp->tx0 + l_cp->tdx;
|
||||
if (l_tx1 < l_cp->tx0) { /* manage overflow */
|
||||
l_tx1 = 0xFFFFFFFFU;
|
||||
}
|
||||
l_ty1 = l_cp->ty0 + l_cp->tdy;
|
||||
if (l_ty1 < l_cp->ty0) { /* manage overflow */
|
||||
l_ty1 = 0xFFFFFFFFU;
|
||||
}
|
||||
if ((l_cp->tx0 > l_image->x0) || (l_cp->ty0 > l_image->y0) || (l_tx1 <= l_image->x0) || (l_ty1 <= l_image->y0) ) {
|
||||
opj_event_msg(p_manager, EVT_ERROR, "Error with SIZ marker: illegal tile offset\n");
|
||||
return OPJ_FALSE;
|
||||
}
|
||||
|
||||
#ifdef USE_JPWL
|
||||
if (l_cp->correct) {
|
||||
/* if JPWL is on, we check whether TX errors have damaged
|
||||
|
@ -44,6 +44,7 @@ set(BLACKLIST_JPEG2000_TMP
|
||||
edf_c2_1673169.jp2
|
||||
issue429.jp2
|
||||
issue427-null-image-size.jp2
|
||||
issue427-illegal-tile-offset.jp2
|
||||
)
|
||||
|
||||
# Define a list of file which should be gracefully rejected:
|
||||
|
@ -231,6 +231,8 @@ opj_decompress -i @INPUT_NR_PATH@/issue411-ycc420.jp2 -o @TEMP_PATH@/issue411-yc
|
||||
!opj_decompress -i @INPUT_NR_PATH@/issue432.jp2 -o @TEMP_PATH@/issue432.jp2.pgx
|
||||
# issue 427 image width is 0
|
||||
!opj_decompress -i @INPUT_NR_PATH@/issue427-null-image-size.jp2 -o @TEMP_PATH@/issue427-null-image-size.jp2.pgx
|
||||
# issue 427 illegal tile offset
|
||||
!opj_decompress -i @INPUT_NR_PATH@/issue427-illegal-tile-offset.jp2 -o @TEMP_PATH@/issue427-illegal-tile-offset.jp2.pgx
|
||||
|
||||
# decode with specific area
|
||||
# prec=12; nb_c=1
|
||||
|
Loading…
Reference in New Issue
Block a user