walkero
/
openjpeg
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Avoid overflow in multiplications in utilities related to big number of files in a directory (CVE-2021-29338) (#1396)

This commit is contained in:
Eharve14 2022-01-13 15:05:52 -05:00 committed by GitHub
parent 79c7d7af59
commit 1daaa0b909
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/bin/jp2/opj_compress.c
View File

@ -1967,7 +1967,7 @@ int main(int argc, char **argv)
goto fin;
}
for (i = 0; i < num_images; i++) {
dirptr->filename[i] = dirptr->filename_buf + i * OPJ_PATH_LEN;
dirptr->filename[i] = dirptr->filename_buf + (size_t)i * OPJ_PATH_LEN;
}
}
if (load_images(dirptr, img_fol.imgdirpath) == 1) {

4
src/bin/jp2/opj_decompress.c
View File

@ -1367,7 +1367,6 @@ int main(int argc, char **argv)
if (img_fol.set_imgdir == 1) {
int it_image;
num_images = get_num_images(img_fol.imgdirpath);
dirptr = (dircnt_t*)calloc(1, sizeof(dircnt_t));
if (!dirptr) {
destroy_parameters(&parameters);
@ -1387,7 +1386,8 @@ int main(int argc, char **argv)
goto fin;
}
for (it_image = 0; it_image < num_images; it_image++) {
dirptr->filename[it_image] = dirptr->filename_buf + it_image * OPJ_PATH_LEN;
dirptr->filename[it_image] = dirptr->filename_buf + (size_t)it_image *
OPJ_PATH_LEN;
}
if (load_images(dirptr, img_fol.imgdirpath) == 1) {

4
src/bin/jp2/opj_dump.c
View File

@ -529,13 +529,13 @@ int main(int argc, char *argv[])
}
for (it_image = 0; it_image < num_images; it_image++) {
dirptr->filename[it_image] = dirptr->filename_buf + it_image * OPJ_PATH_LEN;
dirptr->filename[it_image] = dirptr->filename_buf + (size_t)it_image *
OPJ_PATH_LEN;
}
if (load_images(dirptr, img_fol.imgdirpath) == 1) {
goto fails;
}
if (num_images == 0) {
fprintf(stdout, "Folder is empty\n");
goto fails;