From 1daaa0b909aebdf71be36238d16dfbec83c494ed Mon Sep 17 00:00:00 2001
From: Eharve14 <71228603+Eharve14@users.noreply.github.com>
Date: Thu, 13 Jan 2022 15:05:52 -0500
Subject: [PATCH] Avoid overflow in multiplications in utilities related to big
 number of files in a directory (CVE-2021-29338)  (#1396)

---
 src/bin/jp2/opj_compress.c   | 2 +-
 src/bin/jp2/opj_decompress.c | 4 ++--
 src/bin/jp2/opj_dump.c       | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/bin/jp2/opj_compress.c b/src/bin/jp2/opj_compress.c
index 1399d527..646f1375 100644
--- a/src/bin/jp2/opj_compress.c
+++ b/src/bin/jp2/opj_compress.c
@@ -1967,7 +1967,7 @@ int main(int argc, char **argv)
                 goto fin;
             }
             for (i = 0; i < num_images; i++) {
-                dirptr->filename[i] = dirptr->filename_buf + i * OPJ_PATH_LEN;
+                dirptr->filename[i] = dirptr->filename_buf + (size_t)i * OPJ_PATH_LEN;
             }
         }
         if (load_images(dirptr, img_fol.imgdirpath) == 1) {
diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c
index e1217f89..0d3021cd 100644
--- a/src/bin/jp2/opj_decompress.c
+++ b/src/bin/jp2/opj_decompress.c
@@ -1367,7 +1367,6 @@ int main(int argc, char **argv)
     if (img_fol.set_imgdir == 1) {
         int it_image;
         num_images = get_num_images(img_fol.imgdirpath);
-
         dirptr = (dircnt_t*)calloc(1, sizeof(dircnt_t));
         if (!dirptr) {
             destroy_parameters(&parameters);
@@ -1387,7 +1386,8 @@ int main(int argc, char **argv)
             goto fin;
         }
         for (it_image = 0; it_image < num_images; it_image++) {
-            dirptr->filename[it_image] = dirptr->filename_buf + it_image * OPJ_PATH_LEN;
+            dirptr->filename[it_image] = dirptr->filename_buf + (size_t)it_image *
+                                         OPJ_PATH_LEN;
         }
 
         if (load_images(dirptr, img_fol.imgdirpath) == 1) {
diff --git a/src/bin/jp2/opj_dump.c b/src/bin/jp2/opj_dump.c
index d2646f10..46b976a9 100644
--- a/src/bin/jp2/opj_dump.c
+++ b/src/bin/jp2/opj_dump.c
@@ -529,13 +529,13 @@ int main(int argc, char *argv[])
         }
 
         for (it_image = 0; it_image < num_images; it_image++) {
-            dirptr->filename[it_image] = dirptr->filename_buf + it_image * OPJ_PATH_LEN;
+            dirptr->filename[it_image] = dirptr->filename_buf + (size_t)it_image *
+                                         OPJ_PATH_LEN;
         }
 
         if (load_images(dirptr, img_fol.imgdirpath) == 1) {
             goto fails;
         }
-
         if (num_images == 0) {
             fprintf(stdout, "Folder is empty\n");
             goto fails;