path: root/extra/openjpeg/openjpeg-1.5.1-CVE-2013-6887.patch
blob: f9d68ef4b2839a08cc07cc6814c3c00c08d7e6be (plain)
diff -up openjpeg-1.5.1/libopenjpeg/j2k.c.CVE-2013-6887 openjpeg-1.5.1/libopenjpeg/j2k.c
--- openjpeg-1.5.1/libopenjpeg/j2k.c.CVE-2013-6887	2014-01-07 15:13:20.297114457 -0600
+++ openjpeg-1.5.1/libopenjpeg/j2k.c	2014-01-07 15:13:20.302114404 -0600
@@ -1697,8 +1697,11 @@ static void j2k_read_eoc(opj_j2k_t *j2k)
 	else {
 		for (i = 0; i < j2k->cp->tileno_size; i++) {
 			tileno = j2k->cp->tileno[i];
-			opj_free(j2k->tile_data[tileno]);
-			j2k->tile_data[tileno] = NULL;
+			/* not sure if this can actually happen */
+			if (tileno != -1) {
+				opj_free(j2k->tile_data[tileno]);
+				j2k->tile_data[tileno] = NULL;
+			}
 		}
 	}	
 	if (j2k->state & J2K_STATE_ERR)
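Review bot: The guard added in j2k_read_eoc rejects only the exact value -1, so any other negative or too-large `tileno` read from `j2k->cp->tileno[i]` would still index `j2k->tile_data` out of bounds in the `opj_free` call. If the tile-data array is sized by the tile grid (its allocation is not visible in this patch), a range check such as `if (tileno >= 0 && tileno < j2k->cp->tw * j2k->cp->th) {` would cover the sentinel and malformed indices alike. The comment `/* not sure if this can actually happen */` should instead state what -1 means, for example `/* tileno[i] is -1 when no tile was recorded for this slot */`, once that is confirmed against the code that fills the array. The same guard is repeated in j2k_destroy_decompress in the next hunk, where the new lines are also tab-indented inside a space-indented block. The body of j2k_read_eoc starts and ends outside this hunk.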
@@ -1858,8 +1861,10 @@ void j2k_destroy_decompress(opj_j2k_t *j
         if(j2k->cp != NULL) {
             for (i = 0; i < j2k->cp->tileno_size; i++) {
                 int tileno = j2k->cp->tileno[i];
-                opj_free(j2k->tile_data[tileno]);
-                j2k->tile_data[tileno] = NULL;
+		if (tileno != -1) {
+			opj_free(j2k->tile_data[tileno]);
+			j2k->tile_data[tileno] = NULL;
+		}
             }
         }