1 diff --git a/third_party/libopenjpeg20/tcd.c b/third_party/libopenjpeg20/tcd.c 2 index 1dd15405d..acc28dd55 100644 3 --- a/third_party/libopenjpeg20/tcd.c 4 +++ b/third_party/libopenjpeg20/tcd.c 5 @@ -818,6 +818,11 @@ static INLINE OPJ_BOOL opj_tcd_init_tile(opj_tcd_t *p_tcd, OPJ_UINT32 p_tile_no, 6 if (isEncoder) { 7 OPJ_SIZE_T l_tile_data_size; 8 9 + if (l_tilec->x0 >= l_tilec->x1 || l_tilec->y0 >= l_tilec->y1) { 10 + opj_event_msg(manager, EVT_ERROR, "Invalid tile data\n"); 11 + return OPJ_FALSE; 12 + } 13 + 14 /* compute l_data_size with overflow check */ 15 OPJ_SIZE_T w = (OPJ_SIZE_T)(l_tilec->x1 - l_tilec->x0); 16 OPJ_SIZE_T h = (OPJ_SIZE_T)(l_tilec->y1 - l_tilec->y0); 17
