https://github.com/uclouvain/openjpeg/commit/4241ae6fbbf1de9658764a80944dc8108f2b4154.patch http://openwall.com/lists/oss-security/2017/09/06/2
From 4241ae6fbbf1de9658764a80944dc8108f2b4154 Mon Sep 17 00:00:00 2001
From: Even Rouault
Date: Tue, 15 Aug 2017 11:55:58 +0200
Subject: [PATCH] Fix assertion in debug mode / heap-based buffer overflow in opj_write_bytes_LE for Cinema profiles with numresolutions = 1 (#985)
---
 src/lib/openjp2/j2k.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
index a2521ebbc..54b490a8c 100644
--- a/src/lib/openjp2/j2k.c
+++ b/src/lib/openjp2/j2k.c
@@ -6573,10 +6573,16 @@ static void opj_j2k_set_cinema_parameters(opj_cparameters_t *parameters,
 /* Precincts */
 parameters->csty |= 0x01;
- parameters->res_spec = parameters->numresolution - 1;
- for (i = 0; i < parameters->res_spec; i++) {
- parameters->prcw_init[i] = 256;
- parameters->prch_init[i] = 256;
+ if (parameters->numresolution == 1) {
+ parameters->res_spec = 1;
+ parameters->prcw_init[0] = 128;
+ parameters->prch_init[0] = 128;
+ } else {
+ parameters->res_spec = parameters->numresolution - 1;
+ for (i = 0; i < parameters->res_spec; i++) {
+ parameters->prcw_init[i] = 256;
+ parameters->prch_init[i] = 256;
+ }
 }
 /* The progression order shall be CPRL */
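Review bot: The new branch special-cases only `numresolution == 1`, so the `else` path still computes `res_spec = numresolution - 1` for any other value. A `numresolution` of 0 or less would leave `res_spec` non-positive with the precinct bit in `csty` set, which appears to be the state this commit is fixing. A value larger than the capacity of `prcw_init`/`prch_init` would make the loop write past those arrays. The function begins and ends outside the hunk, so any range check on `numresolution` is not visible here. If an earlier check guarantees the range, a comment above the `if` would record it, e.g. `/* numresolution was range-checked above; res_spec must be >= 1 because csty bit 0 is set */`. A short comment on the `128` versus `256` precinct sizes would also help, since the hunk does not explain why the single-resolution case uses the smaller value.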