Skip to content

Commit 7fdd422

Browse files
aous72aous72
committed
Fixes a bug where illegally long QCD,QCC can cause data corruption.
1 parent 8e572b8 commit 7fdd422

File tree

2 files changed

+9
-9
lines changed

2 files changed

+9
-9
lines changed

src/core/codestream/ojph_params.cpp

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -1625,8 +1625,8 @@ namespace ojph {
16251625
if ((Sqcd & 0x1F) == 0)
16261626
{
16271627
num_subbands = (Lqcd - 3);
1628-
if (Lqcd != 3 + num_subbands)
1629-
OJPH_ERROR(0x00050083, "wrong Lqcd value in QCD marker");
1628+
if (num_subbands > 97 || Lqcd != 3 + num_subbands)
1629+
OJPH_ERROR(0x00050083, "wrong Lqcd value of %d in QCD marker", Lqcd);
16301630
for (ui32 i = 0; i < num_subbands; ++i)
16311631
if (file->read(&SPqcd.u8[i], 1) != 1)
16321632
OJPH_ERROR(0x00050084, "error reading QCD marker");
@@ -1642,8 +1642,8 @@ namespace ojph {
16421642
else if ((Sqcd & 0x1F) == 2)
16431643
{
16441644
num_subbands = (Lqcd - 3) / 2;
1645-
if (Lqcd != 3 + 2 * num_subbands)
1646-
OJPH_ERROR(0x00050086, "wrong Lqcd value in QCD marker");
1645+
if (num_subbands > 97 || Lqcd != 3 + 2 * num_subbands)
1646+
OJPH_ERROR(0x00050086, "wrong Lqcd value of %d in QCD marker", Lqcd);
16471647
for (ui32 i = 0; i < num_subbands; ++i)
16481648
{
16491649
if (file->read(&SPqcd.u16[i], 2) != 2)
@@ -1680,8 +1680,8 @@ namespace ojph {
16801680
if ((Sqcd & 0x1F) == 0)
16811681
{
16821682
num_subbands = (Lqcd - offset);
1683-
if (Lqcd != offset + num_subbands)
1684-
OJPH_ERROR(0x000500A5, "wrong Lqcd value in QCC marker");
1683+
if (num_subbands > 97 || Lqcd != offset + num_subbands)
1684+
OJPH_ERROR(0x000500A5, "wrong Lqcd value of %d in QCC marker", Lqcd);
16851685
for (ui32 i = 0; i < num_subbands; ++i)
16861686
if (file->read(&SPqcd.u8[i], 1) != 1)
16871687
OJPH_ERROR(0x000500A6, "error reading QCC marker");
@@ -1697,8 +1697,8 @@ namespace ojph {
16971697
else if ((Sqcd & 0x1F) == 2)
16981698
{
16991699
num_subbands = (Lqcd - offset) / 2;
1700-
if (Lqcd != offset + 2 * num_subbands)
1701-
OJPH_ERROR(0x000500A8, "wrong Lqcc value in QCC marker");
1700+
if (num_subbands > 97 || Lqcd != offset + 2 * num_subbands)
1701+
OJPH_ERROR(0x000500A8, "wrong Lqcc value of %d in QCC marker", Lqcd);
17021702
for (ui32 i = 0; i < num_subbands; ++i)
17031703
{
17041704
if (file->read(&SPqcd.u16[i], 2) != 2)

src/core/common/ojph_version.h

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -35,4 +35,4 @@
3535

3636
#define OPENJPH_VERSION_MAJOR 0
3737
#define OPENJPH_VERSION_MINOR 24
38-
#define OPENJPH_VERSION_PATCH 2
38+
#define OPENJPH_VERSION_PATCH 3

0 commit comments

Comments
 (0)