jasper-software / jasper

Official Repository for the JasPer Image Coding Toolkit
http://www.ece.uvic.ca/~mdadams/jasper

Check for NULL pointer in jp2_decode #197

Closed jubalh closed 5 years ago

jubalh commented 5 years ago

Regards CVE-2018-19542. Regards https://github.com/mdadams/jasper/issues/182.

Adapted fix from Markus Koschany apo@debian.org. From https://gist.github.com/apoleon/701d7db34d63faa16463935b1465c74e

theta682 commented 5 years ago

This fix breaks loading of some correct files. It checks an incorrect place for a NULL pointer. Function jp2_getct returns an integer, not a pointer. The correct fix would be to check for incorrect MTYP values in the CMAP box. The problematic code does not initialize dec->chantocmptlut[channo], which is used to index the dec->image->cmpts_ array.

jubalh commented 5 years ago

@theta682 I agree!

Tested your patch against the valid file you uploaded and against a reproducer file. Your patch is better. Do you have any more of them for the other CVEs? ;-)

Closing this in favour of https://github.com/mdadams/jasper/pull/200
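
The kind of check theta682's comment calls for, as an added sketch that is not code from this PR, from PR #200, or from JasPer: every channel's lookup slot is either written or the file is rejected, so an unrecognized MTYP can never leave an uninitialized index behind. The `cmap_ent` struct, `build_chan_lut`, and the sample entries are hypothetical and simplified; the MTYP values 0 (direct) and 1 (palette) are those defined for the JP2 cmap box.

```c
#include <stddef.h>
#include <stdint.h>

/* MTYP values the JP2 cmap box defines: 0 = direct use, 1 = palette mapping. */
enum { MTYP_DIRECT = 0, MTYP_PALETTE = 1 };

/* Hypothetical, simplified cmap entry; not JasPer's own structure. */
typedef struct {
    uint16_t cmp;  /* CMP: codestream component index */
    uint8_t mtyp;  /* MTYP: mapping type */
    uint8_t pcol;  /* PCOL: palette column, meaningful when MTYP == 1 */
} cmap_ent;

/* Fill lut[0..nchans) so every slot is written before anything indexes with it.
 * Returns 0 on success, -1 on a malformed entry (caller must discard lut). */
int build_chan_lut(const cmap_ent *ents, size_t nchans, size_t ncmpts,
                   size_t npalcols, size_t *lut)
{
    size_t npal = 0; /* palette-mapped channels seen so far */
    for (size_t ch = 0; ch < nchans; ch++) {
        const cmap_ent *e = &ents[ch];
        if (e->cmp >= ncmpts)
            return -1; /* component index out of range */
        switch (e->mtyp) {
        case MTYP_DIRECT:
            lut[ch] = e->cmp;
            break;
        case MTYP_PALETTE:
            if (e->pcol >= npalcols)
                return -1; /* palette column out of range */
            /* Simplification: palette output modeled as an appended component. */
            lut[ch] = ncmpts + npal++;
            break;
        default:
            return -1; /* unknown MTYP: reject instead of skipping the slot */
        }
    }
    return 0;
}

/* Constructed sample entries: {CMP, MTYP, PCOL}. */
static const cmap_ent sample_ok[] = {{0, 0, 0}, {1, 0, 0}, {0, 1, 2}};
static const cmap_ent sample_bad[] = {{0, 0, 0}, {1, 2, 0}};

int main(void)
{
    size_t lut[3]; /* exit status 0 when valid passes and invalid is rejected */
    return build_chan_lut(sample_ok, 3, 2, 3, lut) != 0 ||
           build_chan_lut(sample_bad, 2, 2, 3, lut) != -1;
}
```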