Skip to content
Permalink
Browse files

Check data in jas_image

Regarding CVE-2018-19539.
Fix by Markus Koschany <apo@debian.org>.
From https://gist.github.com/apoleon/7c0f3a0c28437c18fee8a51b1aa16164.
  • Loading branch information...
jubalh committed Mar 12, 2019
1 parent 573a6e4 commit 243749e5a6384acdb9f0a59515c0b85dfd62bd5b
Showing with 4 additions and 0 deletions.
  1. +4 −0 src/libjasper/base/jas_image.c
@@ -491,6 +491,10 @@ int jas_image_readcmpt(jas_image_t *image, int cmptno, jas_image_coord_t x,
image, cmptno, JAS_CAST(long, x), JAS_CAST(long, y),
JAS_CAST(long, width), JAS_CAST(long, height), data));

if(data == NULL) {
return -1;
}

if (cmptno < 0 || cmptno >= image->numcmpts_) {
return -1;
}

0 comments on commit 243749e

Please sign in to comment.
You can’t perform that action at this time.