From e0993d072a0cd8c60d9babd30c58320f13eff867 Mon Sep 17 00:00:00 2001 From: Sebastian Rasmussen Date: Mon, 12 Jul 2021 15:31:28 +0200 Subject: [PATCH] opj_j2k_is_imf_compliant: Fix out of bounds access. Previously when mainlevel was parsed == 12 openjpeg would generate a warning, but then the sublevel value would be compared to an out of bounds element in the tabMaxSubLevelFromMainLevel array. From this commit OpenJPEG will only use mainlevel if in range. --- src/lib/openjp2/j2k.c | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c index c3696edbf..c9aa4eee8 100644 --- a/src/lib/openjp2/j2k.c +++ b/src/lib/openjp2/j2k.c @@ -7101,19 +7101,21 @@ static OPJ_BOOL opj_j2k_is_imf_compliant(opj_cparameters_t *parameters, mainlevel); ret = OPJ_FALSE; } - - /* Validate sublevel */ - assert(sizeof(tabMaxSubLevelFromMainLevel) == - (OPJ_IMF_MAINLEVEL_MAX + 1) * sizeof(tabMaxSubLevelFromMainLevel[0])); - if (sublevel > tabMaxSubLevelFromMainLevel[mainlevel]) { - opj_event_msg(p_manager, EVT_WARNING, - "IMF profile require sublevel <= %d for mainlevel = %d.\n" - "-> %d is thus not compliant\n" - "-> Non-IMF codestream will be generated\n", - tabMaxSubLevelFromMainLevel[mainlevel], - mainlevel, - sublevel); - ret = OPJ_FALSE; + else + { + /* Validate sublevel */ + assert(sizeof(tabMaxSubLevelFromMainLevel) == + (OPJ_IMF_MAINLEVEL_MAX + 1) * sizeof(tabMaxSubLevelFromMainLevel[0])); + if (sublevel > tabMaxSubLevelFromMainLevel[mainlevel]) { + opj_event_msg(p_manager, EVT_WARNING, + "IMF profile require sublevel <= %d for mainlevel = %d.\n" + "-> %d is thus not compliant\n" + "-> Non-IMF codestream will be generated\n", + tabMaxSubLevelFromMainLevel[mainlevel], + mainlevel, + sublevel); + ret = OPJ_FALSE; + } } /* Number of components */