troosh / openjpeg

Automatically exported from code.google.com/p/openjpeg

jp2_read_boxhdr() has size bug in version 1 #92

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
static opj_bool jp2_read_boxhdr(opj_common_ptr cinfo,
    opj_cio_t *cio, opj_jp2_box_t *box)
{
    box->init_pos = cio_tell(cio);
    box->length = cio_read(cio, 4);                   /* <== 4 */
    box->type = cio_read(cio, 4);                     /* <== 8 */

    if (box->length == 1)
    {
        if (cio_read(cio, 4) != 0)                    /* <== 12 */
        {
            opj_event_msg(cinfo, EVT_ERROR,
                "Cannot handle box sizes higher than 2^32\n");
            return OPJ_FALSE;
        }
        box->length = cio_read(cio, 4);               /* <== 16 */

        if (box->length == 0)
            box->length = cio_numbytesleft(cio) + 12; /* <== BUG */
    }
    else if (box->length == 0)
    {
        box->length = cio_numbytesleft(cio) + 8;
    }

    return OPJ_TRUE;
}

winfried

Original issue reported on code.google.com by szukw...@arcor.de on 18 Sep 2011 at 6:51
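
An added example, not part of the original report or OpenJPEG's own code: a stand-alone box-header reader over a memory buffer that derives the end-of-stream length from the number of header bytes actually consumed. It assumes the reporter's byte-count markers mean the extended form must add all 16 header bytes; `box_t`, `rd32`, `read_boxhdr` and the sample buffers are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical struct mirroring the opj_jp2_box_t fields used in the report. */
typedef struct { uint32_t length, type; size_t init_pos; } box_t;

/* Read a big-endian 32-bit value at *pos and advance; 0 if the buffer is truncated. */
static int rd32(const uint8_t *b, size_t n, size_t *pos, uint32_t *out)
{
    if (n - *pos < 4) return 0;                 /* caller guarantees *pos <= n */
    *out = (uint32_t)b[*pos] << 24 | (uint32_t)b[*pos + 1] << 16 |
           (uint32_t)b[*pos + 2] << 8 | b[*pos + 3];
    *pos += 4;
    return 1;
}

/* Returns 1 on success, 0 on a truncated, oversized or inconsistent header. */
static int read_boxhdr(const uint8_t *buf, size_t n, size_t pos, box_t *box)
{
    uint32_t hi;
    size_t start = pos, hdr, left;
    if (pos > n) return 0;
    box->init_pos = start;
    if (!rd32(buf, n, &pos, &box->length) || !rd32(buf, n, &pos, &box->type)) return 0;
    if (box->length == 1) {                     /* extended-length form */
        if (!rd32(buf, n, &pos, &hi) || hi != 0) return 0;  /* sizes >= 2^32 unsupported */
        if (!rd32(buf, n, &pos, &box->length)) return 0;
    }
    hdr = pos - start;                          /* 8 or 16 bytes consumed so far */
    left = n - pos;
    if (box->length == 0) {                     /* box runs to the end of the stream */
        if (left > UINT32_MAX - hdr) return 0;
        box->length = (uint32_t)(left + hdr);   /* header included, whichever form */
    }
    /* Reject lengths shorter than the header or running past the buffer. */
    return box->length >= hdr && box->length - hdr <= left;
}

/* Constructed samples: a header followed by 4 payload bytes. */
static const uint8_t XL_TO_END[20] = {0,0,0,1, 'j','p','2','c', 0,0,0,0, 0,0,0,0, 1,2,3,4};
static const uint8_t TO_END[12]    = {0,0,0,0, 'j','p','2','c', 1,2,3,4};

int main(void)
{
    box_t b;
    if (read_boxhdr(XL_TO_END, sizeof XL_TO_END, 0, &b))
        printf("extended form: length=%u (buffer is %zu)\n", (unsigned)b.length, sizeof XL_TO_END);
    if (read_boxhdr(TO_END, sizeof TO_END, 0, &b))
        printf("short form:    length=%u (buffer is %zu)\n", (unsigned)b.length, sizeof TO_END);
    return 0;
}
```

With the `+ 12` from the reported code, the extended-form sample would yield a length 4 bytes short of the buffer it claims to span.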

GoogleCodeExporter commented 9 years ago
Do we have a sample dataset to reproduce this issue?

Original comment by mathieu.malaterre on 11 Jan 2012 at 9:19

GoogleCodeExporter commented 9 years ago

Original comment by mathieu.malaterre on 25 Feb 2014 at 3:27

GoogleCodeExporter commented 9 years ago
No new input in years, closing issue.

Original comment by mathieu.malaterre on 26 Feb 2014 at 2:10