[trunk] fixed potential negative size params (fixes issue 390)

2014-10-06 21:05:32 +00:00
parent f126eb0d41
commit eb7c6d295a
3 changed files with 5 additions and 4 deletions
--- a/src/lib/openjp2/t2.c
+++ b/src/lib/openjp2/t2.c
@@ -1265,7 +1265,8 @@ OPJ_BOOL opj_t2_skip_packet_data(   opj_t2_t* p_t2,
                        }

                        do {
-                                if (* p_data_read + l_seg->newlen > p_max_length) {
+                                /* Check possible overflow then size */
+                                if (((*p_data_read + l_seg->newlen) < (*p_data_read)) || ((*p_data_read + l_seg->newlen) > p_max_length)) {
                                        fprintf(stderr, "skip: segment too long (%d) with max (%d) for codeblock %d (p=%d, b=%d, r=%d, c=%d)\n",
                                                l_seg->newlen, p_max_length, cblkno, p_pi->precno, bandno, p_pi->resno, p_pi->compno);
                                        return OPJ_FALSE;