Security: size_t overflow in jas_stream_peek

Hi, I am writing to report a size_t overflow that I discovered in this project.

1. Vulnerability Summary:
```
/root/build/jasper-4.2.8/src/libjasper/base/jas_stream.c:713:22: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'size_t' (aka 'unsigned long')
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /root/build/jasper-4.2.8/src/libjasper/base/jas_stream.c:713:22 in
```

2. Affected Version
The latest release version 4.2.8.

3. Reproduce
- Command line:
```shell
jasper "--input" "A" "--output" "B" "--input-format" "pg" "--output-format" "jpc" "" ""
```

- Compile the executable binary with "--fsanitizer=undefined" flag.
- Corrupted input data `A` (unzip A.zip first):

[A.zip](https://github.com/user-attachments/files/23467100/A.zip)

Best regards,

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Security: size_t overflow in jas_stream_peek #407

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Security: size_t overflow in jas_stream_peek #407

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions