From 1a232ba2a62be61d97d158af6e5127ceae3e39a3 Mon Sep 17 00:00:00 2001
From: Nico Weber <thakis@chromium.org>
Date: Thu, 18 Apr 2024 19:44:22 -0400
Subject: [PATCH] LibGfx/JPEG2000: Check SIZ marker (w, h) against JP2 header
 (w, h)

---
 Userland/Libraries/LibGfx/ImageFormats/JPEG2000Loader.cpp | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/Userland/Libraries/LibGfx/ImageFormats/JPEG2000Loader.cpp b/Userland/Libraries/LibGfx/ImageFormats/JPEG2000Loader.cpp
index dde449822a3..85740bbe843 100644
--- a/Userland/Libraries/LibGfx/ImageFormats/JPEG2000Loader.cpp
+++ b/Userland/Libraries/LibGfx/ImageFormats/JPEG2000Loader.cpp
@@ -801,6 +801,13 @@ static ErrorOr<void> decode_jpeg2000_header(JPEG2000LoadingContext& context, Rea
 
     TRY(parse_codestream_main_header(context));
 
+    auto size_from_siz = IntSize { context.siz.width, context.siz.height };
+    if (size_from_siz != context.size) {
+        // FIXME: If this is common, warn and use size from SIZ marker.
+        dbgln("JPEG2000ImageDecoderPlugin: Image size from SIZ marker ({}) does not match image size from JP2 header ({})", size_from_siz, context.size);
+        return Error::from_string_literal("JPEG2000ImageDecoderPlugin: Image size from SIZ marker does not match image size from JP2 header");
+    }
+
     return {};
 }