Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 1 | From 226f07e4b49c2757b181c62e6841000c512054e3 Mon Sep 17 00:00:00 2001 |
| 2 | From: Even Rouault <even.rouault@spatialys.com> |
| 3 | Date: Mon, 14 Aug 2017 17:26:58 +0200 |
| 4 | Subject: [PATCH] bmp_read_info_header(): reject bmp files with biBitCount == 0 |
| 5 | (#983) |
| 6 | |
| 7 | Upstream-Status: Backport [https://github.com/uclouvain/openjpeg/commit/baf0c1ad4572daa89caa3b12985bdd93530f0dd7] |
| 8 | CVE: CVE-2017-12982 |
| 9 | Signed-off-by: Dengke Du <dengke.du@windriver.com> |
| 10 | --- |
| 11 | src/bin/jp2/convertbmp.c | 4 ++++ |
| 12 | 1 file changed, 4 insertions(+) |
| 13 | |
| 14 | diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c |
| 15 | index b49e7a0..2715fdf 100644 |
| 16 | --- a/src/bin/jp2/convertbmp.c |
| 17 | +++ b/src/bin/jp2/convertbmp.c |
| 18 | @@ -392,6 +392,10 @@ static OPJ_BOOL bmp_read_info_header(FILE* IN, OPJ_BITMAPINFOHEADER* header) |
| 19 | |
| 20 | header->biBitCount = (OPJ_UINT16)getc(IN); |
| 21 | header->biBitCount |= (OPJ_UINT16)((OPJ_UINT32)getc(IN) << 8); |
| 22 | + if (header->biBitCount == 0) { |
| 23 | + fprintf(stderr, "Error, invalid biBitCount %d\n", 0); |
| 24 | + return OPJ_FALSE; |
| 25 | + } |
| 26 | |
| 27 | if (header->biSize >= 40U) { |
| 28 | header->biCompression = (OPJ_UINT32)getc(IN); |
| 29 | -- |
| 30 | 2.8.1 |
| 31 | |