|
 |
83be9e |
diff -urNp old/src/libjasper/jpc/jpc_cs.c new/src/libjasper/jpc/jpc_cs.c
|
|
|
83be9e |
--- old/src/libjasper/jpc/jpc_cs.c 2018-06-21 09:16:03.401642013 +0200
|
|
|
83be9e |
+++ new/src/libjasper/jpc/jpc_cs.c 2018-06-21 09:36:47.278110112 +0200
|
|
|
83be9e |
@@ -782,29 +782,37 @@ static int jpc_cox_getcompparms(jpc_ms_t
|
|
|
83be9e |
jpc_getuint8(in, &compparms->qmfbid)) {
|
|
|
83be9e |
return -1;
|
|
|
83be9e |
}
|
|
|
83be9e |
+ if (compparms->numdlvls > 32) {
|
|
|
83be9e |
+ goto error;
|
|
|
83be9e |
+ }
|
|
|
83be9e |
+ if (compparms->qmfbid != JPC_COX_INS &&
|
|
|
83be9e |
+ compparms->qmfbid != JPC_COX_RFT)
|
|
|
83be9e |
+ goto error;
|
|
|
83be9e |
compparms->numrlvls = compparms->numdlvls + 1;
|
|
|
83be9e |
if (compparms->numrlvls > JPC_MAXRLVLS) {
|
|
|
83be9e |
- jpc_cox_destroycompparms(compparms);
|
|
|
83be9e |
- return -1;
|
|
|
83be9e |
+ goto error;
|
|
|
83be9e |
}
|
|
|
83be9e |
if (prtflag) {
|
|
|
83be9e |
for (i = 0; i < compparms->numrlvls; ++i) {
|
|
|
83be9e |
if (jpc_getuint8(in, &tmp)) {
|
|
|
83be9e |
- jpc_cox_destroycompparms(compparms);
|
|
|
83be9e |
- return -1;
|
|
|
83be9e |
+ goto error;
|
|
|
83be9e |
}
|
|
|
83be9e |
compparms->rlvls[i].parwidthval = tmp & 0xf;
|
|
|
83be9e |
compparms->rlvls[i].parheightval = (tmp >> 4) & 0xf;
|
|
|
83be9e |
}
|
|
|
83be9e |
-/* Sigh. This bit should be in the same field in both COC and COD mrk segs. */
|
|
|
83be9e |
-compparms->csty |= JPC_COX_PRT;
|
|
|
83be9e |
- } else {
|
|
|
83be9e |
+ /* Sigh.
|
|
|
83be9e |
+ This bit should be in the same field in both COC and COD mrk segs. */
|
|
|
83be9e |
+ compparms->csty |= JPC_COX_PRT;
|
|
|
83be9e |
}
|
|
|
83be9e |
if (jas_stream_eof(in)) {
|
|
|
83be9e |
- jpc_cox_destroycompparms(compparms);
|
|
|
83be9e |
- return -1;
|
|
|
83be9e |
+ goto error;
|
|
|
83be9e |
}
|
|
|
83be9e |
return 0;
|
|
|
83be9e |
+error:
|
|
|
83be9e |
+ if (compparms) {
|
|
|
83be9e |
+ jpc_cox_destroycompparms(compparms);
|
|
|
83be9e |
+ }
|
|
|
83be9e |
+ return -1;
|
|
|
83be9e |
}
|
|
|
83be9e |
|
|
|
83be9e |
static int jpc_cox_putcompparms(jpc_ms_t *ms, jpc_cstate_t *cstate,
|