diff -up openjpeg-1.5.1/libopenjpeg/j2k.c.CVE-2013-6887 openjpeg-1.5.1/libopenjpeg/j2k.c
--- openjpeg-1.5.1/libopenjpeg/j2k.c.CVE-2013-6887 2014-01-07 15:13:20.297114457 -0600
+++ openjpeg-1.5.1/libopenjpeg/j2k.c 2014-01-07 15:13:20.302114404 -0600
@@ -1697,8 +1697,11 @@ static void j2k_read_eoc(opj_j2k_t *j2k)
else {
for (i = 0; i < j2k->cp->tileno_size; i++) {
tileno = j2k->cp->tileno[i];
- opj_free(j2k->tile_data[tileno]);
- j2k->tile_data[tileno] = NULL;
+ /* not sure if this can actually happen */
+ if (tileno != -1) {
+ opj_free(j2k->tile_data[tileno]);
+ j2k->tile_data[tileno] = NULL;
+ }
}
}
if (j2k->state & J2K_STATE_ERR)
@@ -1858,8 +1861,10 @@ void j2k_destroy_decompress(opj_j2k_t *j
if(j2k->cp != NULL) {
for (i = 0; i < j2k->cp->tileno_size; i++) {
int tileno = j2k->cp->tileno[i];
- opj_free(j2k->tile_data[tileno]);
- j2k->tile_data[tileno] = NULL;
+ if (tileno != -1) {
+ opj_free(j2k->tile_data[tileno]);
+ j2k->tile_data[tileno] = NULL;
+ }
}
}