From 347a1d8d956f9e64af4463ee25311b60cdd5657d Mon Sep 17 00:00:00 2001
From: wiredfool
Date: Tue, 12 Aug 2014 12:31:37 -0700
Subject: [PATCH] J2k DOS fix -- CVE-2014-3598

Found and reported by Andrew Drake of dropbox.com
---
 PIL/Jpeg2KImagePlugin.py | 3 +++
 Tests/check_j2k_dos.py | 11 +++++++++++
 2 files changed, 14 insertions(+)
 create mode 100644 Tests/check_j2k_dos.py

diff --git a/PIL/Jpeg2KImagePlugin.py b/PIL/Jpeg2KImagePlugin.py
index 0a7a6e29757..53b10ca1a68 100644
--- a/PIL/Jpeg2KImagePlugin.py
+++ b/PIL/Jpeg2KImagePlugin.py
@@ -70,6 +70,9 @@ def _parse_jp2_header(fp):
 else:
 hlen = 8
 
+ if lbox < hlen:
+ raise SyntaxError('Invalid JP2 header length')
+
 if tbox == b'jp2h':
 header = fp.read(lbox - hlen)
 break
diff --git a/Tests/check_j2k_dos.py b/Tests/check_j2k_dos.py
new file mode 100644
index 00000000000..68f065bbcc6
--- /dev/null
+++ b/Tests/check_j2k_dos.py
@@ -0,0 +1,11 @@
+# Tests potential DOS of Jpeg2kImagePlugin with 0 length block.
+# Run from anywhere that PIL is importable.
+
+from PIL import Image
+from io import BytesIO
+
+if bytes is str:
+ Image.open(BytesIO(bytes('\x00\x00\x00\x0cjP\x20\x20\x0d\x0a\x87\x0a\x00\x00\x00\x00hang')))
+else:
+ Image.open(BytesIO(bytes('\x00\x00\x00\x0cjP\x20\x20\x0d\x0a\x87\x0a\x00\x00\x00\x00hang', 'latin-1')))
+
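Review bot: The new `if lbox < hlen:` guard in `_parse_jp2_header` has no comment saying why it exists, and the reason is not obvious from the three visible lines: a box whose declared length is smaller than its own header cannot be advanced past, so the loop that follows never makes progress on the stream (the CVE-2014-3598 hang this commit fixes). It also intentionally rejects `lbox == 0`, which the JP2 box format uses for "box extends to end of file" — that is a deliberate policy choice and should be written down so nobody later "fixes" it. I would add above the check: `# A box shorter than its own header (including lbox == 0, "to end of file") can never advance the stream; reject it rather than loop forever (CVE-2014-3598).` The body of `_parse_jp2_header`, including the loop and the `lbox == 1` / XLBox branch that sets `hlen`, lies outside this hunk, so I cannot confirm from here that every path into this point has assigned `hlen`; the `else: hlen = 8` context suggests it, but that is worth a glance. Note that the following `fp.read(lbox - hlen)` may still return fewer bytes than requested on a truncated file; whatever parses `header` afterwards should tolerate a short read.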
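Review bot: The check script in `Tests/check_j2k_dos.py` has no notion of a passing outcome: with the fix applied, `Image.open` does not hang, but the plugin's `SyntaxError` is, as far as I recall, swallowed by `Image.open`'s plugin loop and surfaces as `IOError("cannot identify image file")`, so the script still exits non-zero on patched code and "pass" can only be judged by eye. I would build the probe bytes once for both Python versions, wrap the call so a prompt rejection is treated as the expected result, and say so in a comment; the only remaining failure mode is then the hang itself (or an unexpected exception type). A hard timeout would make the hang case fail on its own rather than block the run, but that is platform-specific and probably out of scope for this file.

```python
# … unchanged: header comment and imports …

# JP2 signature box followed by a box with lbox == 0 and a short trailer.
PROBE = '\x00\x00\x00\x0cjP\x20\x20\x0d\x0a\x87\x0a\x00\x00\x00\x00hang'
data = bytes(PROBE) if bytes is str else bytes(PROBE, 'latin-1')

try:
    Image.open(BytesIO(data))
except (IOError, SyntaxError):
    # Expected once the zero-length box is rejected: the parser must
    # give up promptly instead of looping forever.
    pass
```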