Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix assertion failure (denial of service bug) in calcstepsizes() #158

Closed
wants to merge 4 commits into from
Closed

Fix assertion failure (denial of service bug) in calcstepsizes() #158

wants to merge 4 commits into from

Commits on Dec 11, 2017

  1. jpc_dec: obey the jpc_dec_cp_prepare() return value

    @MaxKellermann
    MaxKellermann committed Dec 11, 2017
    Configuration menu
    Copy the full SHA
    ef4b146 View commit details
    Browse the repository at this point in the history

  2. jpc_dec: add return value to calcstepsizes()

    @MaxKellermann
    MaxKellermann committed Dec 11, 2017
    Configuration menu
    Copy the full SHA
    f767fb2 View commit details
    Browse the repository at this point in the history

  3. jpc_dec: simplify formula in calcstepsizes() 

    Much of the formula is bloated and superfluous.
    @MaxKellermann
    MaxKellermann committed Dec 11, 2017
    Configuration menu
    Copy the full SHA
    a6760ed View commit details
    Browse the repository at this point in the history

  4. jpc_dec: check for JPC_QCX_EXPN() parameter overflow 

    Avoid the assertion failure in the JPC_QCX_EXPN() function.  While the
"expn" variable cannot be bigger than 0x1f, adding something to it may
exceed that limit.

This condition could be exploited with a malicious JP2 file, allowing
a denial of service attack on processes which parse JP2 files.
    @MaxKellermann
    MaxKellermann committed Dec 11, 2017
    Configuration menu
    Copy the full SHA
    833bb8f View commit details
    Browse the repository at this point in the history