openjp2/jp2: Validate all SGcod and SPcod parameters.

Previously the multiple component transformation SGcod(C) and wavelet transformation (SPcod(H) parameter values were never checked, which allowed for out of range values. The lack of validation allowed the provided codestream in issue uclouvain#1158 through, but after this commit there is an error.
sebras · Oct 31, 2018 · 5999934 · 5999934
1 parent cd900d9
commit 5999934
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
@@ -2714,6 +2714,11 @@ static OPJ_BOOL opj_j2k_read_cod(opj_j2k_t *p_j2k,
     opj_read_bytes(p_header_data, &l_tcp->mct, 1);          /* SGcod (C) */
     ++p_header_data;
 
+    if (l_tcp->mct > 1) {
+        opj_event_msg(p_manager, EVT_ERROR, "Invalid multiple compoment transformation\n");
+        return OPJ_FALSE;
+    }
+
     p_header_size -= 5;
     for (i = 0; i < l_image->numcomps; ++i) {
         l_tcp->tccps[i].csty = l_tcp->csty & J2K_CCP_CSTY_PRT;
@@ -9804,6 +9809,12 @@ static OPJ_BOOL opj_j2k_read_SPCod_SPCoc(opj_j2k_t *p_j2k,
     opj_read_bytes(l_current_ptr, &l_tccp->qmfbid, 1);              /* SPcoc (H) */
     ++l_current_ptr;
 
+    if (l_tccp->qmfbid > 1) {
+        opj_event_msg(p_manager, EVT_ERROR,
+                      "Error reading SPCod SPCoc element, Invalid transformation found\n");
+        return OPJ_FALSE;
+    }
+
     *p_header_size = *p_header_size - 5;
 
     /* use custom precinct size ? */