1From 13e5a3e02339b746abcaee6408893ca2fd8e289d Mon Sep 17 00:00:00 2001 2From: Pydera <pydera@mailbox.org> 3Date: Thu, 8 Apr 2021 17:36:16 +0200 4Subject: [PATCH] Fix out of buffer access in #1529 5 6--- 7 src/jp2image.cpp | 5 +++-- 8 1 file changed, 3 insertions(+), 2 deletions(-) 9 10diff --git a/src/jp2image.cpp b/src/jp2image.cpp 11index 88ab9b2d6..12025f966 100644 12--- a/src/jp2image.cpp 13+++ b/src/jp2image.cpp 14@@ -776,9 +776,10 @@ static void boxes_check(size_t b,size_t m) 15 #endif 16 box.length = (uint32_t) (io_->size() - io_->tell() + 8); 17 } 18- if (box.length == 1) 19+ if (box.length < 8) 20 { 21- // FIXME. Special case. the real box size is given in another place. 22+ // box is broken, so there is nothing we can do here 23+ throw Error(kerCorruptedMetadata); 24 } 25 26 // Read whole box : Box header + Box data (not fixed size - can be null). 27