| From e8e258ab049240c2dd1f1051b4e773b21e2d3dc0 Mon Sep 17 00:00:00 2001 |
| From: Even Rouault <even.rouault@spatialys.com> |
| Date: Sun, 28 Jun 2020 14:19:59 +0200 |
| Subject: [PATCH] opj_decompress: fix double-free on input directory with mix |
| of valid and invalid images (CVE-2020-15389) |
| |
| Fixes #1261 |
| |
| Credits to @Ruia-ruia for reporting and analysis. |
| |
| [Retrieved from: |
| https://github.com/uclouvain/openjpeg/commit/e8e258ab049240c2dd1f1051b4e773b21e2d3dc0] |
| Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> |
| --- |
| src/bin/jp2/opj_decompress.c | 8 ++++---- |
| 1 file changed, 4 insertions(+), 4 deletions(-) |
| |
| diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c |
| index 7eeb0952f..2634907f0 100644 |
| --- a/src/bin/jp2/opj_decompress.c |
| +++ b/src/bin/jp2/opj_decompress.c |
| @@ -1316,10 +1316,6 @@ static opj_image_t* upsample_image_components(opj_image_t* original) |
| int main(int argc, char **argv) |
| { |
| opj_decompress_parameters parameters; /* decompression parameters */ |
| - opj_image_t* image = NULL; |
| - opj_stream_t *l_stream = NULL; /* Stream */ |
| - opj_codec_t* l_codec = NULL; /* Handle to a decompressor */ |
| - opj_codestream_index_t* cstr_index = NULL; |
| |
| OPJ_INT32 num_images, imageno; |
| img_fol_t img_fol; |
| @@ -1393,6 +1389,10 @@ int main(int argc, char **argv) |
| |
| /*Decoding image one by one*/ |
| for (imageno = 0; imageno < num_images ; imageno++) { |
| + opj_image_t* image = NULL; |
| + opj_stream_t *l_stream = NULL; /* Stream */ |
| + opj_codec_t* l_codec = NULL; /* Handle to a decompressor */ |
| + opj_codestream_index_t* cstr_index = NULL; |
| |
| if (!parameters.quiet) { |
| fprintf(stderr, "\n"); |
