Hi! I've been fuzzing openjpeg with sydr-fuzz security predicates and I found an integer overflow error in `j2k.c:9614`.
In the function `opj_j2k_read_tile_header` at line 9614, an integer overflow occurs when the value `l_marker_size + 2` is subtracted from the variable `p_j2k->m_specific_param.m_decoder.m_sot_length` and the value of this variable is less than `l_marker_size + 2`. So here I decided just to add a check for valid data.
```
/home/ubuntu/headshog/openjpeg_build/openjpeg/src/lib/openjp2/j2k.c:9614:64: runtime error: unsigned integer overflow: 147 - 149 cannot be represented in type 'unsigned int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/ubuntu/headshog/openjpeg_build/openjpeg/src/lib/openjp2/j2k.c:9614:64
```
Environment
How to reproduce this error
Build docker container:
Run docker container:
Run on the following input:
Output:
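The subtraction the sanitizer flags is a length-accounting step: the decoder tracks how many bytes of the tile-part header are still expected (`m_sot_length`, derived from the SOT marker) and subtracts each marker segment's length plus its 2 marker bytes as it reads it. The following is an added example written for this page, not openjpeg's code and not the patch in this PR; it models that accounting with hypothetical helper names so the wrapped value (`147 - 149`) and the effect of a bounds check can be seen side by side on constructed inputs.

```c
/* Added example (not openjpeg's own code). Models the tile-part header
 * byte accounting from opj_j2k_read_tile_header: the remaining header
 * length is reduced by (marker segment length + 2 marker bytes) for
 * each marker read. All function names below are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t OPJ_UINT32;

/* Unchecked form: with remaining = 147 and marker_size = 147 this
 * computes 147 - 149 on an unsigned type and wraps to 4294967294,
 * which is the underflow reported by UBSan. */
static OPJ_UINT32 consume_marker_unchecked(OPJ_UINT32 remaining,
                                           OPJ_UINT32 marker_size)
{
    return remaining - (marker_size + 2);
}

/* Checked form: refuse the subtraction when the header claims fewer
 * remaining bytes than the marker segment actually occupies. Returns
 * false on a malformed length and leaves *remaining untouched. */
static bool consume_marker_checked(OPJ_UINT32 *remaining,
                                   OPJ_UINT32 marker_size)
{
    /* A real Lxxx field is 16-bit, so marker_size + 2 cannot overflow
     * there; the parameter here is 32-bit, so guard the addition too. */
    if (marker_size > UINT32_MAX - 2) {
        return false;
    }
    if (*remaining < marker_size + 2) {
        return false;
    }
    *remaining -= marker_size + 2;
    return true;
}

/* Walk a constructed list of marker segment lengths against a claimed
 * remaining tile-part header length. Returns how many markers were
 * accepted before the first rejection (n if all were accepted). */
static size_t walk_markers(OPJ_UINT32 sot_length,
                           const OPJ_UINT32 *sizes, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++) {
        if (!consume_marker_checked(&sot_length, sizes[i])) {
            break;
        }
    }
    return i;
}

int main(void)
{
    /* Constructed inputs: 147 bytes claimed remaining, then a marker
     * whose length field is 147 (147 + 2 = 149 > 147). */
    const OPJ_UINT32 bad[] = { 147 };
    /* 12 + 22 + 32 = 66 bytes consumed, fits in a 100-byte header. */
    const OPJ_UINT32 good[] = { 10, 20, 30 };

    printf("unchecked 147 - 149 -> %u\n", consume_marker_unchecked(147, 147));
    printf("checked, malformed: %zu of 1 markers accepted\n",
           walk_markers(147, bad, 1));
    printf("checked, well-formed: %zu of 3 markers accepted\n",
           walk_markers(100, good, 3));
    return 0;
}
```

The check belongs before the subtraction, not after: once the unsigned value has wrapped, a later comparison against the (now huge) remaining length no longer rejects anything, so every subsequent marker read in that tile-part header passes its length test.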