From d30c95d07e647535f4c9fe6fe4a559e978d25891 Mon Sep 17 00:00:00 2001
From: Kevin Backhouse
Date: Thu, 1 Jul 2021 12:33:20 +0100
Subject: [PATCH] fix incorrect loop condition (#1752)
---
 src/jp2image.cpp | 2 +-
 test/data/issue_ghsa_mxw9_qx4c_6m8v_poc.jp2 | Bin 0 -> 1692 bytes
 .../github/test_issue_ghsa_8949_hhfh_j7rj.py | 11 +++++------
 .../github/test_issue_ghsa_mxw9_qx4c_6m8v.py | 18 ++++++++++++++++++
 4 files changed, 24 insertions(+), 7 deletions(-)
 create mode 100644 test/data/issue_ghsa_mxw9_qx4c_6m8v_poc.jp2
 create mode 100644 tests/bugfixes/github/test_issue_ghsa_mxw9_qx4c_6m8v.py
diff --git a/src/jp2image.cpp b/src/jp2image.cpp
index d880297a92..de4daf7546 100644
--- a/src/jp2image.cpp
+++ b/src/jp2image.cpp
@@ -655,7 +655,7 @@ static void boxes_check(size_t b,size_t m)
 auto p = reinterpret_cast(boxBuf.pData_);
 bool bWroteColor = false ;
- while ( count < length || !bWroteColor ) {
+ while ( count < length && !bWroteColor ) {
 enforce(sizeof(Jp2BoxHeader) <= length - count, Exiv2::kerCorruptedMetadata);
 auto pSubBox = reinterpret_cast(p + count);
diff --git a/test/data/issue_ghsa_mxw9_qx4c_6m8v_poc.jp2 b/test/data/issue_ghsa_mxw9_qx4c_6m8v_poc.jp2
new file mode 100644
index 0000000000000000000000000000000000000000..47ad82ee7123a3b0aa2541295f5ca098bd0ccfae
GIT binary patch
literal 1692
zcmds2K}#D!6#gcwQDbAGg!Wd3J(WUg&`U|jP_$x8vlblr`m6`^O(!UWLZn#!JcTaJ;HiY_gL5 zXv_1fs_PDRyiQbqv1Gr~M$3A}FFX-eeSLKc%$J(5^olXi{uokPPnRxl(Yhl-Bo4=q<1eX_lDNH_MWo)wjHw z$?}!Q_W(P&wnchgOp@V|HqH|TnWhXdE2i`w>vM^{P#mT>WY2hIK!Kfh_4S9&_L8l< z^2)mH43k1q#2Qapc*mSX*vK4v@P(h;Xl+`9g=xQf`F#Cryoc;)e42 zZutN4Tv7H+plhIZfUW%cu?RaT`1~wZS}}XdKCl RVZ
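Review bot: The bounds check on the line after the corrected `while` in src/jp2image.cpp depends on the loop condition in a way the code does not state: `length - count` is only meaningful while `count < length`, and if both are unsigned (their declarations are above the hunk) the subtraction wraps and `enforce` passes as soon as that stops holding. I would record the coupling directly above the loop, for example `// Invariant: count < length on entry, so length - count below cannot wrap; the loop ends once the colour box is written.`, so that a later edit to the condition does not silently disable the check. The loop body continues past the end of the hunk, so it is not visible here whether each sub-box length is validated before `count` is advanced, or what happens when the loop ends with `bWroteColor` still false; both are worth confirming against the full function.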