out of bounds read - Githubissues

setharnold commented 6 years ago

https://github.com/uclouvain/openjpeg/blob/da5e897232ef824daf9a492e746ed22cf2a43f18/src/bin/jp2/convert.c#L1375

Hello,

if outfile is shorter than four chars long, this will read out of bounds.

Thanks

kbabioch commented 6 years ago

While this is not nice and robust code, I think it cannot be reached in the current version, since get_file_format() in src/bin/jp2/opj_decompress.c is already making sure that a valid extension has been specified before the function is invoked. If specifying an output file without a valid extension the program execution is stopped:

./bin/opj_decompress -i balloon.jp2 -o t Unknown output format image t [only .png, .pnm, .pgm, .ppm, .pgx, .bmp, .tif, .raw or *.tga]!!

setharnold commented 6 years ago

On Mar 2, 2018 17:13, "Karol Babioch" notifications@github.com wrote:

While this is not nice and robust code, I think it cannot be reached in the current version, since get_file_format() is already making sure that a valid extension has been specified before the function is invoked. If specifying an output file without extension the program execution is stopped:

./bin/opj_decompress -i balloon.jp2 -o t Unknown output format image t [only .png, .pnm, .pgm, .ppm, .pgx, .bmp, .tif, .raw or *.tga]!!

Thank you for this. While it would be nice to address this eventually probably other items are higher priority.

Thanks

uclouvain / openjpeg

out of bounds read #1069