Fix Issue 833

Fix https://github.com/uclouvain/openjpeg/issues/833
Check if whether overflow happens or not before calculating.
This commit is contained in:
trylab 2016-09-13 17:25:11 +08:00
parent 5dca623ba8
commit 16b0e4a181
1 changed files with 18 additions and 0 deletions

View File

@ -675,10 +675,28 @@ opj_image_t* bmptoimage(const char *filename, opj_cparameters_t *parameters)
} }
} }
if (Info_h.biWidth == 0 || Info_h.biHeight == 0) {
fclose(IN);
return NULL;
}
if (Info_h.biBitCount > (((OPJ_UINT32)-1) - 31) / Info_h.biWidth) {
fclose(IN);
return NULL;
}
stride = ((Info_h.biWidth * Info_h.biBitCount + 31U) / 32U) * 4U; /* rows are aligned on 32bits */ stride = ((Info_h.biWidth * Info_h.biBitCount + 31U) / 32U) * 4U; /* rows are aligned on 32bits */
if (Info_h.biBitCount == 4 && Info_h.biCompression == 2) { /* RLE 4 gets decoded as 8 bits data for now... */ if (Info_h.biBitCount == 4 && Info_h.biCompression == 2) { /* RLE 4 gets decoded as 8 bits data for now... */
if (8 > (((OPJ_UINT32)-1) - 31) / Info_h.biWidth) {
fclose(IN);
return NULL;
}
stride = ((Info_h.biWidth * 8U + 31U) / 32U) * 4U; stride = ((Info_h.biWidth * 8U + 31U) / 32U) * 4U;
} }
if (stride > ((OPJ_UINT32)-1) / sizeof(OPJ_UINT8) / Info_h.biHeight) {
fclose(IN);
return NULL;
}
pData = (OPJ_UINT8 *) calloc(1, stride * Info_h.biHeight * sizeof(OPJ_UINT8)); pData = (OPJ_UINT8 *) calloc(1, stride * Info_h.biHeight * sizeof(OPJ_UINT8));
if (pData == NULL) { if (pData == NULL) {
fclose(IN); fclose(IN);