Function tgatoimage in src/bin/jpwl/convert.c need to check that the file is big enough to avoid excessive memory allocations #1271

Closed
ycdxsb opened this issue Aug 30, 2020 · 0 comments
Labels
removed_components Issues that affect MJ2, JPWL or JP3D wontfix

Comments

ycdxsb commented Aug 30, 2020

Function tgatoimage in src/bin/jpwl/convert.c needs to check that the file is big enough to avoid excessive memory allocations (the same as CVE-2017-14040, 2cd30c2).

```c
    /* initialize image components */
    memset(&cmptparm[0], 0, 4 * sizeof(opj_image_cmptparm_t));

    mono = (pixel_bit_depth == 8) ||
           (pixel_bit_depth == 16);  /* Mono with & without alpha. */
    save_alpha = (pixel_bit_depth == 16) ||
                 (pixel_bit_depth == 32); /* Mono with alpha, or RGB with alpha */

    if (mono) {
        color_space = CLRSPC_GRAY;
        numcomps = save_alpha ? 2 : 1;
    } else {
        numcomps = save_alpha ? 4 : 3;
        color_space = CLRSPC_SRGB;
    }

    subsampling_dx = parameters->subsampling_dx;
    subsampling_dy = parameters->subsampling_dy;
```

Below is the proposed patch for tgatoimage in src/bin/jp2/convert.c (CVE-2017-14040, 2cd30c2):

         color_space = OPJ_CLRSPC_SRGB;
     }
 
+    /* If the declared file size is > 10 MB, check that the file is big */
+    /* enough to avoid excessive memory allocations */
+    if (image_height != 0 && image_width > 10000000 / image_height / numcomps) {
+        char ch;
+        OPJ_UINT64 expected_file_size =
+            (OPJ_UINT64)image_width * image_height * numcomps;
+        long curpos = ftell(f);
+        if (expected_file_size > (OPJ_UINT64)INT_MAX) {
+            expected_file_size = (OPJ_UINT64)INT_MAX;
+        }
+        fseek(f, (long)expected_file_size - 1, SEEK_SET);
+        if (fread(&ch, 1, 1, f) != 1) {
+            fclose(f);
+            return NULL;
+        }
+        fseek(f, curpos, SEEK_SET);
+    }
+
     subsampling_dx = parameters->subsampling_dx;
     subsampling_dy = parameters->subsampling_dy;
 
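Review bot: in the added block the return values of ftell() and both fseek() calls are never checked; on an unseekable stream (a pipe, for instance) ftell() returns -1, the probe seeks relative to that garbage value, and the closing `fseek(f, curpos, SEEK_SET)` fails silently so later reads start from the wrong offset. Suggest bailing out when `curpos < 0` or when either fseek() returns non-zero, reusing the `fclose(f); return NULL;` path that the fread() failure already takes. The clamp of expected_file_size to INT_MAX also deserves a comment: for declared sizes above INT_MAX the probe only confirms that INT_MAX bytes exist, which is fine as a cheap lower bound but reads as an oversight without an explanation next to it.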
@rouault rouault added wontfix removed_components Issues that affect MJ2, JPWL or JP3D labels May 6, 2021
@rouault rouault closed this as completed May 6, 2021
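As an added example (not code from OpenJPEG or from this issue), here is how the pre-allocation size probe that the patch proposes can be written defensively in C: every stdio return value is checked, the width * height * bytes-per-pixel product is guarded against overflow before it is used as an fseek() offset, the 18-byte TGA header is counted, and the caller's stream position is restored on every path. The function and enum names, and the constructed temporary file used as sample input, are this example's own assumptions; unlike the posted patch it probes every file rather than only those above 10 MB, since the cost is one seek and one read.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#define TGA_HEADER_SIZE 18   /* fixed TGA header that precedes the pixel data */

/* Outcome of the pre-allocation size probe (names are this example's own). */
enum tga_size_check {
    TGA_SIZE_OK = 0,        /* file holds at least the bytes the header implies */
    TGA_SIZE_TOO_SMALL = 1, /* declared dimensions exceed the file contents */
    TGA_SIZE_OVERFLOW = 2,  /* width * height * bytes_per_pixel does not fit */
    TGA_SIZE_IO_ERROR = 3   /* ftell/fseek failed, e.g. an unseekable stream */
};

/* Pixel bytes implied by the header, rejecting products that overflow or
 * exceed what fseek() can address. bytes_per_pixel is pixel_bit_depth / 8. */
static int tga_expected_pixel_bytes(uint32_t width, uint32_t height,
                                    uint32_t bytes_per_pixel, uint64_t *out)
{
    uint64_t n;
    if (width == 0 || height == 0 || bytes_per_pixel == 0 || bytes_per_pixel > 4)
        return TGA_SIZE_OVERFLOW;           /* degenerate header: reject */
    n = (uint64_t)width * height;           /* 32 x 32 bits always fits in 64 */
    if (n > UINT64_MAX / bytes_per_pixel)
        return TGA_SIZE_OVERFLOW;
    n *= bytes_per_pixel;
    if (n > (uint64_t)LONG_MAX - TGA_HEADER_SIZE)
        return TGA_SIZE_OVERFLOW;           /* fseek() offset would not fit */
    *out = n;
    return TGA_SIZE_OK;
}

/* Probe whether f really holds header + pixel bytes before allocating that
 * much. Every stdio return value is checked and the caller's stream
 * position is restored on every path. */
int tga_check_file_size(FILE *f, uint32_t width, uint32_t height,
                        uint32_t bytes_per_pixel)
{
    uint64_t pixel_bytes;
    long curpos;
    char ch;
    int rc = tga_expected_pixel_bytes(width, height, bytes_per_pixel, &pixel_bytes);
    if (rc != TGA_SIZE_OK)
        return rc;
    curpos = ftell(f);
    if (curpos < 0)
        return TGA_SIZE_IO_ERROR;           /* pipes and sockets cannot seek */
    /* Seek to the last byte the declared image needs and try to read it. */
    if (fseek(f, (long)(TGA_HEADER_SIZE + pixel_bytes - 1), SEEK_SET) != 0)
        rc = TGA_SIZE_IO_ERROR;
    else if (fread(&ch, 1, 1, f) != 1)
        rc = TGA_SIZE_TOO_SMALL;            /* EOF before that byte */
    if (fseek(f, curpos, SEEK_SET) != 0)    /* restore the caller's position */
        return TGA_SIZE_IO_ERROR;
    return rc;
}

/* Constructed sample input: a temporary file of `size` zero bytes standing in
 * for an untrusted TGA file (sparse on POSIX, so large sizes are cheap). */
static FILE *make_sample_file(long size)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return NULL;
    if (size > 0 && (fseek(f, size - 1, SEEK_SET) != 0 || fputc(0, f) == EOF)) {
        fclose(f);
        return NULL;
    }
    rewind(f);
    return f;
}

/* Run the probe on a constructed file positioned at offset 0; returns the
 * enum value, -1 if the sample could not be made, or -2 if the probe did
 * not leave the stream where it found it. */
int check_sample(long file_size, uint32_t w, uint32_t h, uint32_t bpp)
{
    FILE *f = make_sample_file(file_size);
    int rc = -1;
    if (f != NULL) {
        rc = tga_check_file_size(f, w, h, bpp);
        if (ftell(f) != 0)                  /* position must be restored */
            rc = -2;
        fclose(f);
    }
    return rc;
}

int main(void)
{
    /* 100 x 100 pixels at 3 bytes each needs 18 + 30000 = 30018 bytes. */
    printf("exact size: %d\n", check_sample(30018, 100, 100, 3));           /* 0 */
    printf("one short:  %d\n", check_sample(30017, 100, 100, 3));           /* 1 */
    printf("overflow:   %d\n", check_sample(64, UINT32_MAX, UINT32_MAX, 4)); /* 2 */
    return 0;
}
```

In the snippet quoted from tgatoimage, numcomps equals the bytes per pixel for the four depths it distinguishes (8, 16, 24 and 32 bits), so bytes_per_pixel here plays the role numcomps plays in the patch; the difference is that the probe above also counts the header and refuses to compute an fseek() offset that would overflow a long instead of clamping it.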