From fc9ac24fce7910ad37446207baafe3f9316833b4 Mon Sep 17 00:00:00 2001 From: pleduff Date: Mon, 9 Nov 2020 12:29:45 +0100 Subject: [PATCH 1/2] Fix bug #512: Crash when reading corrupted Jpeg2000 files --- Source/MediaStorageAndFileFormat/gdcmJPEG2000Codec.cxx | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Source/MediaStorageAndFileFormat/gdcmJPEG2000Codec.cxx b/Source/MediaStorageAndFileFormat/gdcmJPEG2000Codec.cxx index 35144a0b8..e82217d3d 100644 --- a/Source/MediaStorageAndFileFormat/gdcmJPEG2000Codec.cxx +++ b/Source/MediaStorageAndFileFormat/gdcmJPEG2000Codec.cxx @@ -1423,6 +1423,8 @@ bool JPEG2000Codec::GetHeaderInfo(const char * dummy_buffer, size_t buf_size, Tr opj_stream_t *cio = nullptr; opj_image_t *image = nullptr; const unsigned char *src = (const unsigned char*)dummy_buffer; + if(!src) + return false ; size_t file_length = buf_size; /* set decoding parameters to default values */ From 0fd682dfcd66cfc9e240cea8ba7ebe07c04182f1 Mon Sep 17 00:00:00 2001 From: pierre Date: Thu, 8 Jan 2026 15:58:32 +0100 Subject: [PATCH 2/2] Add a frame size check to ensure that the provided data corresponds to the buffer size --- Source/MediaStorageAndFileFormat/gdcmJPEGBITSCodec.hxx | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/Source/MediaStorageAndFileFormat/gdcmJPEGBITSCodec.hxx b/Source/MediaStorageAndFileFormat/gdcmJPEGBITSCodec.hxx index 01d937027..0313fd2aa 100644 --- a/Source/MediaStorageAndFileFormat/gdcmJPEGBITSCodec.hxx +++ b/Source/MediaStorageAndFileFormat/gdcmJPEGBITSCodec.hxx @@ -1168,6 +1168,13 @@ bool JPEGBITSCodec::InternalCode(const char* input, unsigned long len, std::ostr int image_height = dims[1]; /* Number of rows in image */ int image_width = dims[0]; /* Number of columns in image */ + // Check if provided buffer correspond to image parameters for current frame + size_t expected_frame_size = (size_t)image_width * image_height * + this->GetPixelFormat().GetPixelSize(); + if (len != expected_frame_size) { + gdcmErrorMacro("Frame size don't match"); + return false; + } /* This struct contains the JPEG compression parameters and pointers to * working space (which is allocated as needed by the JPEG library). * It is possible to have several such structures, representing multiple