Index: third_party/libopenjpeg20/0015-read_SPCod_SPCoc_overflow.patch |
diff --git a/third_party/libopenjpeg20/0015-read_SPCod_SPCoc_overflow.patch b/third_party/libopenjpeg20/0015-read_SPCod_SPCoc_overflow.patch |
new file mode 100644 |
index 0000000000000000000000000000000000000000..56f0cf0e8e0c0fdfc2de389b66f0b7e2f58cf431 |
--- /dev/null |
+++ b/third_party/libopenjpeg20/0015-read_SPCod_SPCoc_overflow.patch |
@@ -0,0 +1,15 @@ |
+diff --git a/third_party/libopenjpeg20/j2k.c b/third_party/libopenjpeg20/j2k.c |
+index 9056feb..c7aa8db 100644 |
+--- a/third_party/libopenjpeg20/j2k.c |
++++ b/third_party/libopenjpeg20/j2k.c |
+@@ -8744,7 +8744,9 @@ static OPJ_BOOL opj_j2k_read_SPCod_SPCoc( opj_j2k_t *p_j2k, |
+ p_j2k->m_specific_param.m_decoder.m_default_tcp; |
+ |
+ /* precondition again */ |
+- assert(compno < p_j2k->m_private_image->numcomps); |
++ if (compno >= p_j2k->m_private_image->numcomps) { |
++ return OPJ_FALSE; |
++ } |
+ |
+ l_tccp = &l_tcp->tccps[compno]; |
+ l_current_ptr = p_header_data; |