Chiebot-Mirror
/
opencv
8
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix Heap-buffer-overflow READ in opj_jp2_apply_pclr

Browse Source 
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47342

The read overflow triggered by reading `src[j]` in
```cpp
            for (j = 0; j < max; ++j) {
                dst[j] = src[j];
            }
```
The max is calculated as `new_comps[pcol].w * new_comps[pcol].h`, however the `src = old_comps[cmp].data;` which may have different `w` and `h` dimensions.
pull/23067/head
Alex 2 years ago committed by GitHub
parent 9208dcb07c
commit a2fc479c0b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      3rdparty/openjpeg/openjp2/jp2.c

2
3rdparty/openjpeg/openjp2/jp2.c vendored
Unescape View File

@ -1108,7 +1108,7 @@ static OPJ_BOOL opj_jp2_apply_pclr(opj_image_t *image,
pcol = cmap[i].pcol;
src = old_comps[cmp].data;
assert(src); /* verified above */
max = new_comps[pcol].w * new_comps[pcol].h;
max = new_comps[i].w * new_comps[i].h;
/* Direct use: */
if (cmap[i].mtyp == 0) {

Write Preview
Loading…
Cancel
Save