From f13ebca839e55d0c7ea1c7f57ae667c47fe9c0d5 Mon Sep 17 00:00:00 2001 From: Kevin Backhouse Date: Mon, 5 Jul 2021 10:39:08 +0100 Subject: [PATCH 1/2] Regression test for https://github.com/Exiv2/exiv2/security/advisories/GHSA-583f-w9pm-99r2 --- test/data/issue_ghsa_583f_w9pm_99r2_poc.jp2 | Bin 0 -> 32768 bytes .../github/test_issue_ghsa_583f_w9pm_99r2.py | 18 ++++++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 test/data/issue_ghsa_583f_w9pm_99r2_poc.jp2 create mode 100644 tests/bugfixes/github/test_issue_ghsa_583f_w9pm_99r2.py diff --git a/test/data/issue_ghsa_583f_w9pm_99r2_poc.jp2 b/test/data/issue_ghsa_583f_w9pm_99r2_poc.jp2 new file mode 100644 index 0000000000000000000000000000000000000000..d646ceedb2889bb0f8954a69a23f3b59a7c00aff GIT binary patch literal 32768 zcmeFWcT`kMvo|~>36hgU8It5MWRRS5P6CpKAv53%S;>-fjshZ4f*?7g1OX*ykeoq8 zf<%RHP|x#t&OPVe`@ZX4>wbUSy%=`ws_N?M>gr!t?+pL|uJ1FK=2RXhOtY92o$>N6{7GOJTJ1|fK46%T60(B7$)h*n;I?LfeD8vH- zcLiG5!N4#JYgZuH0tT~#z<_pepc~W*0=uySMhM-Upcd|SHWsdSP#d6*vzx0eP|67c zvjbZI?Vvz}7f`sJ>rH<*T_cPFZJnJUF3vF58`pFYUdh@)Y@9iPdYn4qKRO4x*g7NB zExmx6H-rt$!o?N>yKza)!W9DKg;@b*94+8*AhVPK3sBC{&fCHgg6LHjVb}%kj2H&9 zww$V*l#Uz=7Vtm6004C*6%BQujE1(RhPIThl7{*(jx5L!z>Y|gn>_jBE@kCx3Hj+1 z+}7Cz(KW;g0!54p#KXyra1Lw-b#;c@0(iJV0wUbPA|PHM2qeNUBmxou{Fg%kFak0H zf97KZDgf~87oC8h>B9bBye(`4!GG=c3#H-)J$c{dk2X*%(C0QCyjV&t7otMQkpak5$Y=n<|A$1N#YdupdBo!@2bv33i7fVDASPL2~>g3E?*=W@C$3V@|(7>_!9Q_XqS}z;q+P zhT1vVxq5SeZ}8!UfeN>^bNSKa56q%MW(I&{U=S+=C|SU7P>1s`sPlJ-LWL{{z_^*u z8w96976shq{&BJ0{HH<||6M2nxXr`ME6C5wflx;XH32lgul~LNh+|a9dH@oHCqEte zU6~5m2tf2VP)>ym0pR=zY^ji;0E|CuP$9zsWH&$#)c-LzKy}3A0CgZRcRMhI3fU7W z?mx~o&OdK2|D$^mB3}OkThU*W;`d4Un;HBscOsnsd?Nxye)ZLL005H7 zo7LLpJ@h`cM0zXhQF>DR>Z>wQ2~QUbumi*uXbG{ggNo7ZH@DLP?X1M;4EWW!)m&sC zwswl%Fo=$~x-Qt;0W54qCn1g{>M7#s(sH+z`~g1%vM(E)#` zxH^c@8LDXlWt?FUARi|mCpQP8%yQ?U6UPFI!mO-Cv}NUgnLs>=(b>AXx`=Rbd3bnm zdhl{O!)&-f!otE_+&o-7JRArO4!9T8)xwhl3a7s@@zaJZ1P+GTxwzUPs*xL;7M6&b zL5z;>$6o!*KPQ)e8Hd6-fB4D?c6Q?Ov~b}9adLD0uIzGCB;4%Bf8XR^;{VVP5fe4F zzi;$MKTb}6>I&|v4f*%5|JF0Ou9pjhOB(`rc7uT-2zC13eTBQqxg*B?KCW{}+LbohyR-H>mzsJw!}xoM8xE^}kA--Jq^F zfsH;M3EWln$nz}Nwb~cDJhZvo(pdd(4P)a~XkY8AeM_O8zTaXtd zD90TKG9z$Gh~!sh4GPyBYY6aT#m6y>@BaRl?{S?k9(fq43dy6_*gf2$P# ztnu^d4-Z7S{#$N~{+v@;#39rjVkHlAcKYGl5A+tXLqNeFGyP+#AYc&4Lco%n1B@uD zIY1yQAr4_M;+Sr2!NUXL5#kXRv=;agP~cAkR=>^l&s`M3K}`9-T?2uIxgp%bAPz8} z5CS!CELvCzT5(wNfkBo${K7((+`@ERKLYm4RYg0vD`KJl7IYoRqd!OVXLu1lAa)QD ziyu%XMhCY*4DhFOz+a-@$M=7f$%yIxY23pWf3vTMx|4tVCm%abHr<;DkH{tt?Ooa6sN{Oe@@57OVy`v0JEbNc@W(I4*v{w)6a^hYp%#QwKf|CIiAfI&?A zPafi6gg9q${p+Ch3xWQVEdPHY`n4zgzcBUBHvYGhe~!)HNd7lme-o5{X8mut{y8>( zBl+KO{Y_B*nf1Tn`sdjEjpTpB^*2HJXV#B!Vf+WV-wg-r->+&RP{h&31Mwmj0Pssd zeC`HcYg}sqxPE+;x%u>U^U3Rv>(9?9=txLE|E{$G*a#gYBs5gSH|1*+0Fk7mqN3*S zf7fw8K5_&6cn}JSi(Zl>CB^nz4$k?ng2fzi*wSOLeO(ejZz6iN5LBD3(63B8>%(8|+Y|AbOebCBt& zSM`qVecVdFc(~Lq_oQZE&s6<~WpejSG^OF&LOlHaXA|gQg#&CB@;+mJqu+YeP*6$8 zaWmFuzIpBQW5?L~9Kgkb_BM z{uMLaE$ThAi}ou5+SyvPhYRI8*Mv`e9^}&c$kXXNjn2d$*7+{X#H~$Asakmj9;Gjl#w#b)LfMQT$pl?u6zX4!3H20K1(Q}57Y__Z>r}d4ht^){ zK6dn6EMl%XFfxtAaqbltn!ZNg!BHY2iwHLtNgIeEHMjs4aL9nQfGau!03Xpl{fI2W zuK~#JOYEOh8*0dQs{x%tsw)MY^A82nBuMuRa-+I#6Oj1i+}ELv*R!*G zS1bmz*!h$xngg<*zSo>iU3_m4JKFx3D&usG!)YUX+&pKsMy4kEqGUhYG(qXLV?_Nq zs_Sy%@Fq-N`nKf<<0{7}VV_H8zNdY+kn+UE2@*i#sGl)9JSE@Z2EAv(d84MM=f~W^9|CyT{4yK?}M#9HS~o=8VQ zS&;|uEujkLt-5ES{)G>{xn>|1dq=TMq!2^29>rdq#xNFb;}M~ZW&*BLIf=>|3M0M3 z80b67h07a=VEu>99{GT99@*W{TQ=sD($_-EZS#a(~9fXTqa}(1+5l`EZnU# zir&i%3)8;y;mw#BC*bHSf_(HmNQOy#Puby%X}6DU zFwY~4FDD|o7The?sIpIOY- zP?h!+lDW-cv9OLS$?rL8<;-k%G6H@6so+mD|;0S(eT8x?Ii1t+@i<-By zD@}@HLsSD^NqXr1V0lVFg&nyC8X0ZrTb*N9*-6wX`34x`Gpoj-TU-IJT8CMQ%P!v6l_D#dne)zjswZb&o2)$kjw5kph`c z>vO>)yq3`?b4kT+6{f`W?f&u)PsWg*seQ;eKIpaB^7^)ra>1Bhhfz2*KGkn(;79ao zmjun(u6_qI_Oa>Ak)hX9T$_7T1xpWzcC}#zgab!XqVv&6-%JAz@b^VEp!c0QhNM52 z^wLA<>}V!UjerfEHG~S~F}GcgRL02&Y#rxKBChS9hvx4nq!re&PH!-{kAx^Gwj~^( zD}a0hyAym(N<}{MYSVcxwK?`}f6i<^p{T`eh`4n?^Y*T7W}k%$n&$H~6EYUY^G)){ z)T`4?y4?bkiT?4c?{}W+8S$*EYl+<(h+8>2H}y{U;aVfUf($J4hfdMoX3SJUV|+e# zD?I?IjLKsF$@!6s-~*2H>ah^?=$)a7+`*SCtvt&Q?A-y&7t90L68c1;1J9OMn+gik zVjs<8y~{eq;`v;nHH_|SRM_%Ze!r;u9OxK|z=k z((}1%I$feJoT;i6|F1jTkMC9}>co4EC9$>Ft7gZBhe~BAV4C)|_vFS`^kF1E7idbr z?4z6J{A_!u&~v|(ENY?bt$6?5^Ara=-|iC}EZhCW_iuHs^7C&mooztu5MR*^)~PBpfSZlB8%GjLzYo`iDH}5 z)$lVz@8*Z6garNTaF7E0PE~+3pRs>e)|O@&f2|C2WCv()YV}P7-}ak%vkAq5|Kjzwd-gE;iLi5&B+i_Twz1`_9-3pU+u5ubJu!BM0$yiy>dE(9Bgo_LKVZEClpxJjt+B-_US4a5gGC zv?rW54aR;2oi^VRm<*1WQp>S_d+WgE#i%5my_(p0DzVq&39vC<-h(>kOv=jD!?WRB zOtYx%TjP7NO{YOR$nGR@B;AKI#zZ5{s6vYYP#eom#lrlfu$OL=K;Wq6Jf=Se&q&5y z9LSfr`fy`Bg70nQ5rWtE3mmPIc%~AgSmSAZr2Lx48y`bdOc_jxiSj7YA2msoZGheg zJIjeV5E_t6ougb9yk);fK{<{#k??f+W6QO*n4dlxku<9zVUHD=)q?x#i(4v`CczC@Kr!4mso8I`KMke&3Z+d@a#)h%om6T0wlIlNxb^mEpEqzs(sYs2*s`Ha&FK$RK z_BxO9 zp1y9Gu!xSQA=tCKxR6(O0mqCOrq zoE}f^wDs|RM~31i5%m#LepHK!tvoCBG;>2YI?B~irWs?y@jPhX-=1y+rQP`WFbt-H zXQpRUe!15KK3&Rw>W^k_%tM*P8-zE6K6mzxmRAsyARLs4YXbcK%+9?%ia^VzUMQD* zkjVVf4T8)oui^Qvxuva`z4oE&DvHz`@0Vyblu^RWSxc7CSNFcRBwlbQ2Uy10Sjouo z_{pSHI8v44-s8A8CSkIeokhGmzeo{$usLYeAPV1A4^PxFk1ez$7rpw5JkOe}9fXUW zm+@egPrSP_43=-VE9DQqN-ri3=hxEPdqQP0Tm5NC(fM^*e;rzHnnqUQMA!pD*sG~; z!`->FQN-I5tYJehRuTuvBfP=TSt^1lkv`e|Zq96;sjhdf*-Nv`sp90! z(ZOeNGr&$MefH%KNRsFd6Le4AK&^EgePm7M>N@0Vvb`=W2h{z$YTDu2vy~RTRB^b5 z)`kslXwKwtA$`iUu3x$Du^C{w^;9~+l?ca0I%w?uM*J%@`)~ymp6C}&^m4XxYX@Jd zcRZ59aS_S7SA*{^Y@)JfVQ3yVG7xsIQD$P&;mYA!{0=N-kOno$C?RL@w(wUjX-y%z z9TDujo^}h1y5}q$*UMiwu*#J(6t2-Cufk-Tc;C?1aaFZbPD%KX-EH6#7Bdh~eqK@- znN7tRt`OmKtcI5F${4ja^^j&!^Q0_)mr?M(=jUNzQFS5y!-ZQB-WX5s7_$-ZB|NOv zP+J(E^&p~Q)&cd61Otux_4Iq>di*ut#6W2# zG0VHu#JoY@)oDn!A<2imi@J>+@yr5xULK=HJiD7raVlYO>N1Jv)g7%}rR0{vHYr9- z0avV;Xj_s`Kj1Pyu9u#Bz2??7#T#wYHlB^WUd)QF=QBb8=q?i{vS8VltUa!qSne0Ro1FIR<*Xbgqd7719Xh0M29h~0<4 zKIBuT_JD(V&>j0L6g}=m=ReMU z1yvPdy8$2B@1-BGM?c1~)k_$r9}x%ZJey+Wwc#jX`$(K;V8r<*zfN_^usF(lc1UkE z9!slT&~gG_%pCdIgk0oEzCY{5#UW0f&YW_*!@@Mop?PQ`2sli@8s#p z4;^%$0L$4Y>CS-0ybR!yOSu)J#-{c69<1~|m&)EL=*%?z_pdCk$F;!`r5Ejc#;@qE337GfRu-+vu?1MDbcxS zUX<*<*~(aNc1wDBc|a@rRs9KuvOTCJ73a>GW2uXKEE-z zBPifr;IbhWvOV3@MKU5f;%LH+_K5{~}2h_=jb;C{k!{BLmD9{26>tBDgN5VOLc|jD>x;+;A zbaJL`V&6w3(>P`1nw3!?%`etUHDIZaerm;s{`Iu7&JJ%sUW@ey#T;gRj5}6m?iM2; zvS~E1ffwH4`JuU*nad0Ih!HyGNcQ8Q=8=#`$!D$YVMi`kA^21ceRzDOE+`7vDzX&u z&{WxULPf9pF%Lb?wkD=*dz!`9??&$0_loKkOMwnQvflD#e~kT%-x^L&+&z4TWF+Hk z&^;1LCKN9#+=ztpv9;PT%^;I7 z7`^yZ;WYAmFmb}}wSN)!wZ@wVSL{|A&oM>1{M-bXLqYAlaEE(EbzXV`g!U#Ddb=8* z?;iVZu2^J+D7C;#AD5hdF+tx%;SNtL=88A8wHZH(qgC=Wrq%ZZ1IPJd zLH!fnDDJv_!M@)Hw;C&A%#{=Ci>^swbC+$3Jj^B;RD$P;!$|h(J&c98E&cb$7rJ9_F|RPl$;mI5EU>q7LGh^4vZlR^f7qmP&N+JJJ%&|SBDwF&PY!XP z9YpyByhj;Q?$ibz&`$J4+D~r5k1L?1!Y_Cz^MPT4d2vG_Q=nz@OtD6` zGdw>{_`QSB``}wRnl+CKi2=-#--xG~L|Nxla2M7abC`MEjH4%MoVImAirW0@Mn$_ztevKQ;M z&~3StGX@_l;fl-GYxv_^7gQEzWHWQ_3&EfDbsNogFugbSWv*9ECkKy6fIS^ZLr2qz zbiI(N8gWwVC5}uSR;gWQMP*-tU#k#zl%mHf;BMagy=a3~j`l3=q12={j8G)(o}(_leH}VtE1CYHP79Z)*^z@`@q6d+$2yJDqz%p? zN7asywqSdj2mWPFl7R!;%_Z)^!Ab2#CtqgYG}MHsWsD0vTeMqttaC=wlvR+Zp`uhR z<&Dx4922X{N;eaTnfW&Fb=w)+LK8rsFf`J5h1qG|W}a82?l2~bFO%0knZOtybxXHE zr@$k3yzO;3VS`@Ob^sJCig8%~6nK|1s6`&@bU1>rlYLKZ%wbOT;j@k>p?6I)iRZQS zk9n3_yy1n%!uE^WDmmTcfJ-sh%ns6t#vpba!0XLOis(is}cliZ5fP9?z?I zxl@MbYqjnd58IpKJMH#`*md23ACR}mc6 z*wP=!7?RplrL;?i<&CSpgw(fVNj(!fs+P@PCU6(iKAmVC7a#SiAU#tpsb*qbHr`RjJRW-e-J>~D zAsyRo2@XhY~8!qle*`O3}hKHL@$53CvjjncrVXKrIHmLIg50UU!H!yJ>Zlk@p@Mie9mis@mAT3i$_&v2oX z@XJrr*yjoT&FY!cHGOj`u}h2w$o?na?_KEEv*EHu;Au}@m3-LsPb(ZE*>Apviz;N) zXRe1zi$AD?SzPHF+HpQe#<;MbSAKOLUW9+GP5*72(pKB$15u!4a9JL~AVb%yf9me@Zf8zcwIeJ?=!1zHKuIE zby8Mq2%p<<(GK#x6;V6YnGk`RsmCAd?-1r)cy>~0B25;w^SD-uTj`HyjV~|gYkC_| zxewxZ80&eCxYgZpoy5Td9_P57R0rN7u_l*UIdNKbVi`xGB*t1GJ6rzxD%D*7;b048 z+KB3tOS zWH3E(uWXsjuAVYPBF$g5Vsa3Q(UtNOODHrc+{TJ!d^_>b9NEG>`n^1ZiqI|t-5!}` z2J`doioFeT`PCj>9U!RGKdy0e@Dl~I?rM%8HQcEQL; zuf6IXG!5Iz2vl42)-e**uxI9Bu zu9R%nYGJmbV!#1)A1CREkYHgPr)?phdO9QQP$=S+pD$k@{l&v{M&;S%S=;M<7P_b5 z?VR7a=eQ_YDNgeg_zfo4xV{TzuTo!0jaw-`pcDa`H`O`7Fzh*FQuiCM&1mk&nMo~y zYw9=ri4U;=%P%|}wJsOiKRJjYGoCi}dOZu9;}A`HqhpuFp_W>plX9&ZsY(8U<<*ds z{36C{MUAf3;xBjFpXUZdJld}KY#`IsiNZG*qI5X*vNr+)$d)hII~F7Pdh|4(Rp`md zCqYp1kUM8kODgA-n(d&@`#VK?8FVjk=$+cbiD(@KD*LM-pOz(btZ%`XFud@kuknWr z@2d-I%wxScLF-?d52y#U4~R68f56N})$suYR*H{X50#^^*R8qve_{<7|C}PKj!R*d zJQ5bjuvpl(+@Snj7lS7c=>=h|d}*Fc4;aM}%LR>r>NWIe#BAqSgKd;+PS($-?AD3N zNz4n0F-M7H!`AQby&~SWlf*ISw9Hh$&5ExazGb4wkLT)txI_9bW(RC;diBniw{Eql zAa0ABZ3R;Mv8edT^v<__ul~^X_T||}^>upbT7q{yBwR>xSW4BaJEXo>uZ?;3Fx<7W zc3E${BWvd*WFV_R)0o~A0%w912iFljQk_5-n%OPS8#VDeb~&CE{=(;3fIv$?#8%!H=Gjou?0#JQiS?LxF{;=3U=V^h^~wqKuV-QeAE@U6+5`X?0y-}hv* zQC6~<^d4T!>1q6r%(w`kcp-Y`p z_qoLwoB%}b&#MIvL_c+0YRFh~3OS*mZOd~nW{V}0>EAVbbv7|k{T4H#OXr1bW3K<# z@d%j)O`81ejcvJB=e9n1AH`38^mO63w(-?JSbyihn|3w~T`d`ZXX7}61cyht<&>hv(#@eFj=(AFtK7G3(8~GBqZ`wkG8)D|i3;oarg1SpA2i zOONn|Q5t%YMvQj6ZUF5Y~Klwxs7Yh(#! z6c?4VxlEo>)Z$}`AGSH zz7{6#5uX?9^j8sWoY;`VGErr3(qkD%`>a^-nf?yfVW`-7pjTpyK=o^GWtS25maBAz zzWzrT0ytQ;R2EjO=3bRK1dGKb0C=A~ZC3o}4~_ET;qHlNb7>k$TJ;U?oZI9Z!mw|c zshJUo#YWj2EqwmPhym#xJm$5HVGLQG>S9B=L##0A7757R$Z42)bMT0ulK9A;GLkN? zgvfAAH@b*7#P}qt){fi}<%J{Q+kA_9N2SVp3Bme0%_=cZ`rY?cT+&gI*9?aGdmv{v z(KXLDOb7Su)K)AdTj~32AE21_w8AhcU0Pyi{bXnwh{}y)nm*R|&Kq9OP&dhfLLNSY z>QTL#QbH=Uo!O54fC8*fs8O+w^foPiV^75N?M&f$7cKXRrTdg*`gl8M?Gd}o!rj@4 z+=+mXduwxFrhYT5^jNeu}t;HyUwNgw5__Qu)1)77Yp)3Nw9yIw?5XL!+zl<~BofxkAo z^n>d2+M%=Dcxh=}<>RsQviL3D(tXPLIB zu{tVs=^IQ3NZ4TE!AcQ@qKu19+=JN1Em<4n3MtZZ6`Bp&=hm;@7patUcCvg)I~e2E zhFh4FY4$P7=%1x*z}vA!HHJ?~-T9Oc+O$!mb?Jt&T;96(w zqDsAP#(>66C&(cGMl*ZL8)fj)^58XdJL3U>+Y*(nP=i5%AKD+R7W$^imD^2y3O(}S zo00{QKIPVO;PZ(NuwHZ|^vaR_dqx(3@qwH*Ouu=pM<7ZOTzr~LF@k1%m+qiBP4r@l z_60~>N!1#usVZf?>y*kp<3WPhw@;zwclbK|NT>8apa#2Rn5JzXEnd8R^|%oS6Z`W= zbJw&LSZOeQ+j*uwzvjy6eqISf-C@hlYN(@W4Ijali-Q3VK+@76@Jp!2h05z3ilJwx zP(}&As;38@v&;5aa>8Wm)3=u}RdF#KJ@v$N)M@XgIL=9|CQxWNv>Xux5!aSM0!{pR zl#^K+L6|wa;%SO1V|R(Wh!vRAH=j{_Bx%Vq+MxixJ+MxhQ#e20Zf*45A$-;27VvPF z{WV83vahT}hCSyktycPB2zqwayV4e^foky~TgtrGIQGf`We%k=5B+jmBCbY2La6D>q8kx~?WU9+H%6j~&OxwF5+ zbIY{gmsX{h55HvcU}qC#FKS`#pV3)}juO)CvQ{?NBLgul$CkZgjLRMxc$=7HS*q#@ zSk0-~Jhkb0yRpp0Pe-)2HBGJ4kp2!uJi<|R+D~9i2tr44`$bK3o>k<2!Z?A7qr+|fw>JW{QcTI}YD!)6t8$;@qHfxy;2+=pw4N~d*%*mM@8jdG zHprw<2uy@XWj?%3P*&tlQT zHA%+__wm@yitrOyQV5qB(w!JB1u|z^FIGkDq-UNsOX!!(%}aKYzai~PeeZsL__8eD z>TKpAr@{vbTS9{{ESbboX5YJ1B`&qf*mmRx{EBxb$Xm07OLc|QsuvitiNyi5rzM!1L3f^CvRvgMOT1`b=8Hh8 z8I0Vr<>(GEJ=YmzD646J>6l*JL#ss-=gcqLlj-wo-^*g3Mqh{d4hs-UqA6PP}4)8XDhTBFD=SM&JB8@F}FsE1aFx zvvtJ^t}I)hhLzObRVZR3ZQ{;Fka|v`gO+u`8GM@XMxw3Dmo91;H*pkJ5vqt6OIuEn zh4J_UZv1vzN$DX{^%A$_%q6={9I-T}$lb8n#h4>Otky)ai>| z`k}1QN9Ou_?;Axr?M5D*0vXUP1GMiF#wmMS%SW%C+aIfjn|iV}DDcb@@Cy~X*UNOgf>Ej1Bq-!m1}AyXEgwvyi^u2kx?MYR zdB^bzu1fNFji=6I?lSm4abuVE^r4maff``!8g6HfuY^uj^U37$OAPB-$*~yv z6SyAjzEJP|vihFr`VnJ@sAKbCW3UvOCwQx}A_x{%rPwWh_6!YoNaE@tej~w^HWg{^ z0^sqzwq!Aaa#TTePRmTE`YP!x+5FRT5{qo)gpd1Qs(DNWD;`6D(=$16Xm(J<^I<(t ze1Ej(-rieOyWJVILM^tDNiO&4CtXLv>Y30Ct9Fe(S3Zam@oK;leTve<=623nrc=3) zE@o6~p8O^gDFxjQ)^8PgZ&`Y~)ZTYbaUa{FQqLCB+ME>AKIZTQgJb(S-%)wcX%EzZ zc7(ad_I(PAn|{pS69;yiefnf}M@`Q%pYlONG8I(_Su zR6TK@I=QUQE5?j#L46sT@d1~D9Uc#;J888(=KElcQoX0ayTh;kt^E64KY7%Jb63mi ztuPJ;<~-^IS_dOO9qiMi#Fp5e(N#51Qax=jDS5nS5-ZMUiYNCgUvC(wEZCG4)3*er z8)~m6q&B#cwm!-V+UqQ>em>K0?YJx8L^l7yaauRjGGc|osE8qB2}gvn6TmmYfX&Y} zGP%WVOIg_5)ktW1TgZ)o8dB-9%t8>1Oo&&w(2%7igkP9A8u64#tXR6VdHBu2M`ko) zlrRf5K+{W-{^M9xU!|0uhG)o>797LtTBe$0GQ}j0+fwrWeABv%DZY=~F|gw5hK|%y zabyb^rn`;B$#C<~H!`7|&*TN5?vK4|QI%|q$30#z*$FN)3dVug3Cv^}r?eZSzs`Th zeiEZnLc07NY9^Rz4pk69M-`9qPnL~6p3k2250aryhP!?2{uFRq2S)NdY3I{uLhEcj z$awN{#_m1&`Nozy@t|uvb}t)9#9^;I*l__Tdq6&yBT{OGq!2Pk<@XpmEn|3T^|-(>(+<8>d4_jWWPg0lxZ znJ5U7^PBDtQHyCtIMa6!Pz_QRX*@sQM)@@BdWEyp;Xsk$xx#HaW^$k5Zf<^V8F96T zC0yt1v=lt&Av&wYZC8J;qEO}QoL)`PlhFrq9(YS}zD=s|hF?(zr)M)@klcjdQ0or) zJXclM2oK%P&i>@?9j45|(V?`N2P*4+A?@~dW9GT*9-?-|XJE^X#8uD)@-=4WRC7as z$j2nhOdTOo4NE^dkWa)ZjE3BLgfK&TZqQ!aXR0So9jY3 zF?{P)Vlx|~;J%Kjj14R_H#Dr!)PXE=%PZu}>Jmfrkru>LjvvRZ2%SGJt;%Znbwaw1 z;&PyJ3F$Q};9(oF7)S5xulu576`e0zaSp-Mk2?jQfF=8rzZ9XAW~F!SlfCBsf*OLo zI;-0 z?TGC(CEAlb(M5xFT=(*++WTtn1L}w1au$>ml4?t=b~*JUmeLh;z9Z}hC1wzZ+POE4 zfV(!g`tu-pl=sD_H_=Lvrd4eg{9HFp!rWZ6RyZ?x_Q2Ux2xaHJ}J|`}dHIu?Vhtk=(BoVXtB8|vXqAy3N zM(rWm_$$%lj-a`VtIaPZRwpLP?8(yZGne!x@s-87M)dXU_pLwM-&4MvjSWpzLsC*@v1B}$%>l@x2?&MHsNvHyX8F-Br*J4XQ`xY@@_;B%W7fOGuVdzH9ep{m!(Xe8eVgGwGCo znVnxf(?)Z;yeI{4>UHJCKf@DD37eBMZ$ROxbW7hu>nMYbEyJ%L6jvK*b`C0x;A4zo zy?8475M7WktBsgx(K|KvLVYvlUh9M_7gh`vmsC(`tKo_4!^DN4$I?AS+S3c}GMIoy zSmiX=o4O!)!t%RYXC)M?2HeTtvtDmxPcyuIiT0efSgbeg#H;8HQ+Q0BDilnV>N6Z?>OuItB`%MgoPvEqFuI4xZNJ9& z$X8fcXZR@kU|lYuP;-oyO7iT^lytJE#rG$~_my&IjCJ7|r@JN+pd9*NhZ$NEFE|qC*IMyLn8P0Vt9?%rDH)g+iWR}eez|M@ zsaFHvIIu{}>e9&9U@pA8wt%ikB`WWH>s5VKU)4f~)+iaHlzg~$y4t%$yTj)^e69Wc zxYWlkgRSi(l+T6+CbJ$jk`nTzPfJYoOl^IBFora*H8gl(wtj`p!kfF1o=RGJ_gk36 zf>j&HXQ_6cTJ@FgBwLIELH7D-8+(T$`u@G~Hr_homKj&0Lo5wE2TiQRy74gb;Li90 zx7CmWoB2h}_ZU+RqOXNZL-(phvxF%Ij1)I!$gu9Z9bEa;4Vpv~)t1|w*zw$&j^%x< z*tWVETRlOv|JHT4^cYeWP4aNNOZ6Jn!D}wmVeW};b)dudPsqMI;$xzyPZO8Vbcg2P zi=5JdhAtFV-Jc3TVbA48C98eXZ#|W!60Im%BpMEyOXe0h#-zbMg=%H_;lDYV|FEf- znfydI&(xs#mH?MAO+tZe^_`Cj=aMfW{&TBj{=}>#(o!>vrQRK5XQA_aLfUtusFe@w+lB9S~G9v;2q9D2Zgdi!B)Hg)EL zz6S{n*Q!MHwE;|ocv%fMyKM@&nu0Oe@cF?lE|cAviR2f}T(p{Fmn{2qh2BKkIhAwHUZ-C_ zrY{N%e~h)M#4{CA_+aZYPrR+iZP)lltb67E3!Erp*Hc2XDJ6$cKau>SKrY}l*Vm%1 zE-Uu7Ab)XU^YXYgv_d)pjg}`NiUwe3?b|yfne?kI#H_INmdJ7Mc4%VB4B){^(_V;l zo*{1wG-FJ@5P^7yDBK-6AbxEEAHbaM9TZ`uhUp@lR#GDH&kP3s;!yf2cSt5 za2S$K7kobx_;X4Xz+ejR(T$iZe`4+$>H&r?U* zNqgx?0cyn;p8EGi0-pjE2hsZb4TlF1MXW|NLJ2yiOB66n`;*>mQ+Fphucj5YNA$hW zbzZLhrtZ|qFr%C)Ok3!jQ$b`7bzapCcInd4`>km2aqeprI`aa7+Vt;9KG$~&(3&IY3#H|vfh zqR#vQqL*arc=%+uWiNuyR<6?^Xp-0pHbj$7y13w;V3EzfsI2@g{Xo~JD8>Z1vmZF` z1v;9hw+%z?d2}cBHtGY!PHOC+N@s2JX;&-OVP^S+IkbF z+`9K9$qKjN{QoCs=k-fI6{DtL{QokC=k|Mih-bof2j}{_{(oE7$bNh$fblRQBOz?G z!s)y%nj$nT$2ntgx@}ppgTw&RV2aOXb2X~#8m7)?cHKVjj3AAjl4!gTYzTS3-o#g> zBnvrb#jr>6^;Aj8Hybfyq>sV8H2iM-HOdWeuV+$=1ksZp%vB=WEGPP7O28Z|k zw4I>J7dcUo-K%r#5=MIePV4S`cTH)^@aK|-Uv2cf|5((cD$c7*6W*GJmNyneyZ%8M zpJoWkYaMFgC2Gqw;M<6%yj-K6fm#cX&>M5%#H2$cAy-k0Zd-cCHd{k(%hiH}yfzH5 zvhL!MUW(;R0j z7@}8|*j-B$9NGkPN2pLR+@{Pd7DQJBE0RW^BwW13lJq@Vr=b$LELs^k`6!6sL0JZ^ zE;@=Sm$_7G7;c6e!WjY(;`bjrf{&hFMB{-sWx#K+nlij1vf4`{@X{$F#XAo63@*mH ziUkvMpGx0$UK}~Nl(2I3|7GVE#r;kj|9mJ(hjUt2M`6M(N1BBcwt|4dC zR(^mNstW8@=TCsbyK)WN`xC$#KO}}75+64%>f?=>Ok()p7B;eHU8el^MNDJ1`y9~V zS62%Xk%=;dmu1fUT1V)ub(K9GJyMf)x3*ClNUJ$eL19A>kpDD4&1K_i*LEW z-)HS)!uPCpqPnbl@%O4+!c_9KW3zEd*5=c=oeiaosgE#0Y}y7qe>@i+rY2O#N8ag` zb1L}*6=F2j!M3xiM(E$)25;ull{L}8+CQ(nuCb+rN9jM*#Bt&_;gslUAtvUVF=W4Z zN_eV3!cDH&G3SE4tb>w%0Z&_rcES%wxfnv)`ro@4eOw0z4ct-3w4C6T6k5uuyFh7v zrSbR9kVm6-hZr?HN6mvJVx?N{Ri?W9bt=K*`o+-N;3h>GY?YzRjLN;HXMsyeQC|O2 z6iNmcf8%WHgmL}5E{TXR!3&d}?I7xOt9+$RA0M=en_{eXASt(>8c-^Y4Qho!HCgFJ zK7YUty0anlQ&VY0eWOLM@OdTZm?z(}z-m}5{FNz;5J}{nOB3{|=x^wr&oM7PpYCGl z>eK-5on_Rt45YnsbTqcuP|%`zr#C-6+G9OK@!-Y?@m3ALktoKUAiUzrhid*~lK8{Q zYb3aOmMT|H}L~cy%6#{O8Um2H>J|R$Bx`Fa+7dy3` zXfP1?9m!WHAFlV%#C?u3J9Iw2?VXe4ke3yK7yko@K-Yw$plRGwb^+!GQ51MC?i7kl zl94TO@(Xq3MWKMnPIVOWSe_sB#gKk3>7^Yj{uYdmhD5m~`_FM3>=t2z&JV5d^_&kW z20HsU#TmaWfp5{B&i+B|jmA#aq~htRD`GncvQ#D^FNXh%QNo&QUeZYY2Q^GuAbqNW zy5^@VwAFi1QiyhBVXhpC5RM?RZo9cyrEI+yJyU_I+-$Qt_)@J~s9u|RI0muH?iQmDlaBJaK61^_ zhD~-dKBb0J@~tB5^l|mh!Z`mW7p@>*txi#hWftDtH+prf(j}zVPSi$-q-<0`#wR|= zCO+X~i%_jyIT01%6eaIdQBvGD!L|9x(M_hL>u$ga#pumszJIW39>VIH)MJ-mrdbKbKq+%Hgv04)UCoj~p``lueg(N9@+r=un=-u~H65C1mquSvet)?Uz<15zoc;7aFAybXCbfEhUB`9nwrB=zS zTu=uS9$xyEoM773M?9Ur=5><)fM_ByYUGSIRVn-)EwU=vVY3ad+BtLM9ri|92Z)uH zg+CG5ZhllHtY{*(`x&uQ`f%9}-Aj=GQ0cFEp{Z=sli47x=0I~w>w|DikT~QP#9St|U}{+qo0La@ zQ5GrufIAZKM`0An=iFOS5}BN*d9{5#ot*rEY~)CzS4kPxsvg$FLo$S=d~?_^rzi2S zCIxH7@YH(|O2o}Z8MiK`kqZrfmKTRem;;ul1hu@NI;)rsEq}#}i5eV@nUVhCD}KZsDP*SI zkfUF*JkcZ2pi7HkYf{;@C(`c|upT(=2eIL3{Eo~Ex5d*^xQRP}idk*=f{EBUdfOZ? z2pJ_Q|2Blkh`*2)8!u~T{vm>5_~YhrI`~Yc76E(&T}TTq#)m6bzB)43Nf6Ov!}Mgu zvvS(C6?LYx$i@QZ2Cv_ z+|p3Q`?uR-uD{-XVBmhpTW90qa7;%7U$AggnW7pwAZZT1#7Z*8# zrQ!c3Mp&~-Zwnxxrd5et)rJXpbDX!Cpi9Vw?5FdDqeO@62 z#CpC;$=Rski>0-VBcm_eK8#cmR0gQBWfAB98IrH=^>Roc0Y8ZcT0}hnQvXIyYhgG> znf~Edo1h*$#Eh|o6WvuD`p~g|-9l@r z`6^Mdsj4OX+b8uUM!ZNehFil!Hee3`W5MuEWu=a>Ax5@Euj?U1B96F?*`HvTM!=t4 zlL5us<>HP}v(6JL;0A|dANF!2V=rgnLxxKMirba)wpqB_b4F~hwP?U_y=UA7?sUZ`iYn4JV zkvG6ij(^VO7gt1Tdq#xxH^y?%%V(yVc_}aoc4%YhoW9I+MUH4fp%v}I_o4MB&`A`v6A4A3DJ+*%YbQe?aEC-Ei zQ;Y&LA1x({!lDbB;zU)h{aX!WBtE}Ueu@CtP0lLm7ffeVf`>F;l6MU1^s-f^ca+m*rUj!Q+|9YMUB?1a?n^ocTczQx>$eG?N)2|J6%|YGE!q@id zw-!vtkUT%ITMwC@6ZjobYQTKHRy6PDQFt5dIWBfUP;g&8-hE&0K(U}dE*Gv_bhHFO z1XAZq^@CMtc8^DoU9xA8Uxb z;u{$b*(`)2&X?C~D>y$**-~Fx8nKKh-m_=?MS(ZEz-%x$f|8wi^5mYKl6Qs1hWS>y z9z&eHL0YL`Ms~rD3j+U2Z&4=??2`Cj>#G7bN4m$coxwnJ8o zjp6QTpFUIr^W{tj(bh1Qr`5Q&S&Em*1PT$zLq`HQh4z3}h*s9yDPhOdKY^nAM697r z{1IbUm_o1~i9|O0UDJla%Rs=usZyhHsYfi%N>8q9oojZ$`nNVd9}r9DjSilwff&04 z^9uWje}oavXP`^-w_a;RpI+@+`@aKt#uj-#rPBJQNbXTD^F{p|2QGzjze##NN*NL* zZoK&8OM?scff_Ruzr@pa1T(nXKr33EL?@+2TVrx<7@pwN?&MTt(KTAiZXSvA6SM*hEC`Wwg&$P$~s8e`UbkNP$|#Vy;_TuF%{qrC_g!}TAKT* zeyv2o_sw|uu^t#sL>YGv2$K`EV$Lf~k+et#boeq7@w$dJaS3~TSme;JoRWi5LOyPi zsbwC3NiGMt;Ibw<23a}B?Vh4Sd?4dK#`Tp;jbp0*a>sKbc_2I~v#aPuF28={R%u=Q zRxqiRkp*QM4%pJmae9m>MI3#2F4nyszm~nVwqbv*Cs91VT+YbE4xL3g++CHrZ!;B7OQm?TgQkP7j$*;BNi|c~ZpVBg_5Qax9^Ng&0t<2B%;zjD2 zBs}fXOWavzchH8+Dm@C9YB|iL=j0VW_&X;mABG*iuHluyX>FY?p7Oc{9sdaW&hukK zcN+LYQudr?GFhx@1$`qzEzeXsBlsO+?0V44v{-R1s}F^8(B}4{y!9Q6yEv*1%(Hqd z!2e+l5qz_ao?dLX_3(bIC^w;bF&k_DZ zJU?eD%0EDO3+H`sn%e1rn|!+4tMDi0V0eEjNtDpsfw;q8P!IT?0})<;|E>OS&KU%y^eBMf2saF(ZN>LA}~DoRVu5#6RJx~24ABJd#7>{&Q0WFVk#nS zd7cL~{;>PD(#v7TT~OVz4&U?70(aN4K)ilT&c7nr8H8f2jJ*Q;RJ2nrsPlZ07T3OI zZ*CbzawSKs=c0KKlawP3Ni{VbPXRYkFJb%N9kqw1w@&}R=m~gZGD36R_wJ7mYC9(4~Z?H1QM`MM- zj!2pmeo;~8>>&=>*Pe4|MhRRTs~dNX+9gf}Uk4|3RCOm13rYA#2b2?DcLLA)d^Hkx z=TZaj?!=avXP>|kvLtf1R}5*7M2fX(>*LITO+kGszxQ4hZQ#g?IdRDuH;=F`B{%Rr z*p*5Tjz@Guc5XlR&mQ#U0iSy%T5_ox=nYQ=D+Z-LD~`^JF^mwSDM6wAVei=!Kdik7 zT`E7gtBn=N;Ac(O*`1+p5);xIR&r4TNR zM)Ob8%JjYJ!#zIN&*WC%@_$h0y@+CRN3nd-yF!GjYZ)Us8Y6Ue?Ez z*UpZtnFe8=Sq3h^_z@YiuUre{e!3F6!`jsPV8;q81=k&QE@!z-Noz6EY9Rv;w!<&4 zKTw=R$^F!HiVcVHO(zbe>yjP7_UZ}e$~(DDgRsbHPDhGO!1q`TM3JKS%kJz?R(c7J z8qIk%2=ViN$fpGb!);2wx^2s0{c|{lW^sxR8$hn;ma6d%l%OcQAun^v2c~S!A1$=o z4Q9MTG4+xGpRvkeI+59~A!b5RZ3hkF3DrysE#?5S@(_anxGt>CCmWYgS<~Znjp5hG ztf6cit#nfi*JL|;jU1ayz=dvCQdL&qS)bqhhk~b#8B=rp462p6DA(*5(-+p;i4$wK zg=MNu6hbHSZ*L+J$=iA;VV4XFHLju8U$T?sh1eZ2AOlK+q~I125vH+D83sQM08joO zq;FJcrBNSri#Ckr;Iy>WCTs(Tj%T}2jo`(x9ImF`N~5v?U`M@eMtxFt(cZidQ);Ue}*Z;r15hDj@5Lqjv&7pDb|hh~u0hodNUnyWh>X z8v0dk;paYP!~1m$8@`DgLhr0&UHjPteVAZu%HohB*Ax~@!c!0aCN<;wfTWtLL zNxe=To4j?YO_Mw3#lvP$aA!CGv|V+L*S=~na{X&!@Fi=Ohzs+5W}QQl#3|#ajcb6l`jh@uVb|5M`W!I)I{3%X!uobi!p>V5l1;V3H6jKUHhX%qaS2Yf#XJm4@FBt}6M=+0&szlyp7+ZASD z$lMf50^b6GjdM(54JyQ|fKovK5zGU!^n z&S?K0F%?Yg&*-5Gg(U$7fL7}?dvc3O0L-}c&lNv8LBDY>3j z=6oNzZdWLZU7)}*`QklWYS&)0!r231 z5T4dn#gfYPvwTs%2VY7owIxUWrkzIyh9&`%!r=V>DG%rMr#=>^!hR3W_F4S?*zb`P z_)x(7|18(%_62;2C&G~Pb)vqQ<;777Jc4kEp_|WKL)M zp38d~I;9pOWhgifzC$qe-CUm~u$8o!&NZmlYkjT$t(RQ3>-S3;ks1f$mR{bik5GG) zAYCQIac!X9H4pQCxuZo1rYjNo~0rKEV@SF1^hN=pOi%J6{2B6yx+lh7l?J7S%dWOo)1Q5r%@V)N%-# zL{>9SiBuaLNco!2dRpV56a=HY#bHSD@^xU4Y-Ogal7V_Z(<>>&Z?d@f-j)@Efnwy) zZ%Kr^x?4G;4C*s!AGp;X%?SJD)Kvg+v=beuVqd48mJ2oE$pL!hep-5xKWJ|}Fm{p&VK4gY%V^%8zEA?- z*5l6DU>BKTlZ8^b(IWD$M(t;O2UwJm>2V1Ro}=X7DhQDhhFyT?^P)mMY5@+(WTX%m zUL1fAYLRmV)&X$&;k0iwv}O&rkt9MZj@pHxGs@mm6$Az6QkWv*$NH{)LgpW*(Uv^U z!YDrYXs-pz$pzs=M>pv@;7kVt666uQEQv&n_wQfV@RFVx7eAtvb=i)FTRQG(5w9Y~ zL@U$rkj0xMOojkh5bsoDl#E6sDOd0#d3BjD1{nLj1QIaJ}Jr z@<403Et{fpxs%G-++rH`K$K5Ae>vgHzC{^p>Cwmda-n~+4uCE)n?L~O|pC+Ta=0-l69H^h+pmP(x zDU_W3kG6epaapI~wm(C691eMrVUjrM<99e9O@T<+SP@yi6UiBrOy_=lRVX+|wYmNQ zfKnIp>ElYg45yG#L>)niXPDUP*L%u#54a4T**!x>dq$1h>{`rXNk_M8pYc?*;VO$o z2a87$x{&^wce0$W5|Z;3$nn_mjt#dc6uONC%h$W;bbcG}d~Y2TqeSQDrCT4&QN!>i zEd%@Uu`pI0$j%R3&N0NLi8YVoRp;k?H9F7$_BC@M6%VNXVA@&xpNmJ`u`_mUoEf#VXmPdQ_mur4`i} z`KOhAIze%`d?OTQ7PN(RW?hrvM3?P!Vd&M$BYERWmuc{h$$e|7J@# z>@TezWJ8c3gYSv7N8rQ^LO>3JeGqYo!04;L<7zv6W4RvfLfKiD3Fg4++PwL8iUwcl z%Q6i9k=0!Lk;B6I{}rZM((J&~EGR4Mtrp7`<7)2q1-rp_1I!t57h0q<(UR0GA*JeR z?4g*{UKsp#ogy#Z^#DcoDl%djHy`J#HyEx(%cN&gjZPRcn=Vx3hKJjZ`FK>}g<=a0 za!PE)MfxwITSd!m07Wp#S`+CV)XmN^X+?p8Bntk+TdR!L8pTK?C^p-vSl)rYy(8YW zk&~H+m7zu!y1wPCyOhNR#!VnlYH+&AhR|egsRXuqBZMRVbfo*55#XY(;NYY zu7L?cKPe0MkU3qd59_Q~!lK`T6W3_%;=UU191!R0H9Wa^i}cs}oYNWkfZ07e1MT?W zAFo?vzxgy7&ZuB(OgUJ4n#QTMKhpeI0(8OZP+xnnO2R`F8VGpPKWn3&XIr3(kG&n; zo4lq(tKII1IB1O}*g^3ra3n67Qgcsa7q`D9jt@rYWj?w2QmabSv_N7Lgtp8}Lc(mZ z@~b%LAv78i)RAcNYGnx3bspwc+B@KPeAY(F1+)%M82d1MWh{9z{Qid?$ninL3OYX~ou&MHLk27Mg%mbyrR?jQr9>M>MQ0VQ@;e2vxfFwHsVqXJC|f|Z z;MKJ|~Iy8?O*KFzX`%h6>)ID5sMXhQmR; zmg?FD*|Z|lyNWb@Fe5-cRV=84FaZ(JuimtphaMS;kAyVFY|)kNumNM(Vu|RmyE%Zc z2Yi6aZ?)rj3md$#nJz3{U?mCcgKG*DyF|e=54w)Z^HusWY7ZrDr3vTfV_g+7R(rOO z8mGGSIuZ}Zs~3{4P-4(q^P53Tq16I9Y)YDH#vcU^CE60gH1P!`ANY?Ico~yt(48Br zG{)!7u2ZA(M&8_(Xj|5Ax7w@fztOnnAWCvyj8Slo6x4^ zg46JCUjHZi$kVih@~96rJycF=32^xwB@hA(aQB5Tpt4>SE)7 znqFaBtJW*Md3skz6>F8{QF8v&)eoP;BEBLFIU!!GqQc16x~4~}3%?X!M6f1!ndm3AEZzO$6@B0>_G>DYu+Qm zt;f)izEN-UEclhkpYbN?_wiM-R^WNwycGP$KE<|B>3^?dbX;;e&HY0z%>4;j z{(Q8*_NRUkVqU0AIh9pAsL?&?h4by0+Q4IXX(S(?OTItU;J_Xz1Ic2PE%tGjyqy5| zJz%f0PJ?q^MgA326RolAAhTu)?LZgnRu@mMnwH+Gt@9cMwr( z3NUspFCN;a-Ob)E5_{stcZs@g-7|rthP*&BfXHOkplxzXJV!DdaC+Pk*U&S?F2*R?Pm5V*!=Skvi?L>}@k<9tvfE`BcASymtO(?Fuk7ILOov0c;0PH>)9oWU`nkX3 z1jAo{j9HIDpZ1d(L{Rq%1{&> zW?rOFz-bwQF6r`PO(XD*gF0)E>SxTvQddWg-9e2FOn4Xpd<}bNjDz1$xkv3GR!rZn zByTPoR1H&Q!){@SCz7YnS4^e#8?w+F`$}!n;bWcuO=J1Q$UDg9Mx9IYRuVGorkkYrMAUnCks&Xv_4NMGfjL#o#EUq<|}d?^)I<|4K(Jk7(z z!M5Cm8ur1fdZ9XsIoqK|(Ff`RGQGyuW6XAAZk$nyU# zEOl`VBg52xVYq8V8AFnB2GLu gaLlmmMy(!KH5(35yYxWAOiarA`4TC}aW Date: Mon, 5 Jul 2021 10:40:03 +0100 Subject: [PATCH 2/2] Better bounds checking in Jp2Image::printStructure --- src/jp2image.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/jp2image.cpp b/src/jp2image.cpp index 3bf3566294..2d6dc21183 100644 --- a/src/jp2image.cpp +++ b/src/jp2image.cpp @@ -538,6 +538,7 @@ static void boxes_check(size_t b,size_t m) if (subBox.type == kJp2BoxTypeColorHeader) { long pad = 3; // don't know why there are 3 padding bytes + enforce(data.size_ >= pad, kerCorruptedMetadata); if (bPrint) { out << " | pad:"; for (int i = 0; i < 3; i++) @@ -547,6 +548,7 @@ static void boxes_check(size_t b,size_t m) if (bPrint) { out << " | iccLength:" << iccLength; } + enforce(iccLength <= data.size_ - pad, kerCorruptedMetadata); if (bICC) { out.write((const char*)data.pData_ + pad, iccLength); }