From 7b7ef7dcc7a4b4202b1bd8822a18a2ee95e9e866 Mon Sep 17 00:00:00 2001
From: Nico Weber <thakis@chromium.org>
Date: Mon, 8 Apr 2024 21:10:00 -0400
Subject: [PATCH] LibGfx/JPEG2000: Allow COD, COC, QCD, QCC, RGN only in first
 tile-part

(The FIXME was incomplete, it didn't mention RGN also only being valid
in a tile's first tile-part header.)
---
 Userland/Libraries/LibGfx/ImageFormats/JPEG2000Loader.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Userland/Libraries/LibGfx/ImageFormats/JPEG2000Loader.cpp b/Userland/Libraries/LibGfx/ImageFormats/JPEG2000Loader.cpp
index 9ee1f2dbaf5..47b04af7040 100644
--- a/Userland/Libraries/LibGfx/ImageFormats/JPEG2000Loader.cpp
+++ b/Userland/Libraries/LibGfx/ImageFormats/JPEG2000Loader.cpp
@@ -597,12 +597,14 @@ static ErrorOr<void> parse_codestream_tile_header(JPEG2000LoadingContext& contex
             context.codestream_cursor += 2;
             found_start_of_data = true;
             break;
-        // FIXME: COD, COC, QCD, QCC are only valid on the first tile part header, reject them in non-first tile part headers.
         case J2K_COD:
         case J2K_COC:
         case J2K_QCD:
         case J2K_QCC:
         case J2K_RGN:
+            if (start_of_tile.tile_part_index != 0)
+                return Error::from_string_literal("JPEG2000ImageDecoderPlugin: COD, COC, QCD, QCC, RGN markers are only valid in the first tile-part header");
+            [[fallthrough]];
         case J2K_POC:
         case J2K_PPT:
         case J2K_PLT: