From 2c0823cb30a70319c704565b59f496e490a3c7f9 Mon Sep 17 00:00:00 2001
From: headshog <124502670+headshog@users.noreply.github.com>
Date: Fri, 31 May 2024 19:19:38 +0300
Subject: [PATCH] Fix Integer Overflow at j2k.c:9614 (#1530)
---
 src/lib/openjp2/j2k.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
index c0551870b..68998abc0 100644
--- a/src/lib/openjp2/j2k.c
+++ b/src/lib/openjp2/j2k.c
@@ -9611,6 +9611,11 @@ OPJ_BOOL opj_j2k_read_tile_header(opj_j2k_t * p_j2k,
 /* Why this condition? FIXME */
 if (p_j2k->m_specific_param.m_decoder.m_state & J2K_STATE_TPH) {
+ if (p_j2k->m_specific_param.m_decoder.m_sot_length < l_marker_size + 2) {
+ opj_event_msg(p_manager, EVT_ERROR,
+ "Sot length is less than marker size + marker ID\n");
+ return OPJ_FALSE;
+ }
 p_j2k->m_specific_param.m_decoder.m_sot_length -= (l_marker_size + 2);
 }
 l_marker_size -= 2; /* Subtract the size of the marker ID already read */
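Review bot: The new guard in front of `m_sot_length -= (l_marker_size + 2)` carries no comment saying what it protects against, and the only nearby comment is the pre-existing `/* Why this condition? FIXME */`; the commit subject identifies the site by a line number that will drift. I would put `/* m_sot_length is unsigned: reject a marker longer than the remaining tile-part rather than let the subtraction wrap */` above the added `if`, presuming the field is unsigned, since its declaration is outside the hunk. The check's own `l_marker_size + 2` is wrap-free only if `l_marker_size` is bounded by the marker's length field, which should be confirmed against the read that sets it earlier in `opj_j2k_read_tile_header` (the function starts and ends outside this hunk). Printing both values in the error message would also make reports from malformed codestreams easier to triage.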