Avoid overflow in multiplications in utilities related to big number of files in a directory (CVE-2021-29338) (#1396)

This commit is contained in:
Eharve14 2022-01-13 15:05:52 -05:00 committed by GitHub
parent 79c7d7af59
commit 1daaa0b909
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 5 additions and 5 deletions

View File

@ -1967,7 +1967,7 @@ int main(int argc, char **argv)
goto fin; goto fin;
} }
for (i = 0; i < num_images; i++) { for (i = 0; i < num_images; i++) {
dirptr->filename[i] = dirptr->filename_buf + i * OPJ_PATH_LEN; dirptr->filename[i] = dirptr->filename_buf + (size_t)i * OPJ_PATH_LEN;
} }
} }
if (load_images(dirptr, img_fol.imgdirpath) == 1) { if (load_images(dirptr, img_fol.imgdirpath) == 1) {

View File

@ -1367,7 +1367,6 @@ int main(int argc, char **argv)
if (img_fol.set_imgdir == 1) { if (img_fol.set_imgdir == 1) {
int it_image; int it_image;
num_images = get_num_images(img_fol.imgdirpath); num_images = get_num_images(img_fol.imgdirpath);
dirptr = (dircnt_t*)calloc(1, sizeof(dircnt_t)); dirptr = (dircnt_t*)calloc(1, sizeof(dircnt_t));
if (!dirptr) { if (!dirptr) {
destroy_parameters(&parameters); destroy_parameters(&parameters);
@ -1387,7 +1386,8 @@ int main(int argc, char **argv)
goto fin; goto fin;
} }
for (it_image = 0; it_image < num_images; it_image++) { for (it_image = 0; it_image < num_images; it_image++) {
dirptr->filename[it_image] = dirptr->filename_buf + it_image * OPJ_PATH_LEN; dirptr->filename[it_image] = dirptr->filename_buf + (size_t)it_image *
OPJ_PATH_LEN;
} }
if (load_images(dirptr, img_fol.imgdirpath) == 1) { if (load_images(dirptr, img_fol.imgdirpath) == 1) {

View File

@ -529,13 +529,13 @@ int main(int argc, char *argv[])
} }
for (it_image = 0; it_image < num_images; it_image++) { for (it_image = 0; it_image < num_images; it_image++) {
dirptr->filename[it_image] = dirptr->filename_buf + it_image * OPJ_PATH_LEN; dirptr->filename[it_image] = dirptr->filename_buf + (size_t)it_image *
OPJ_PATH_LEN;
} }
if (load_images(dirptr, img_fol.imgdirpath) == 1) { if (load_images(dirptr, img_fol.imgdirpath) == 1) {
goto fails; goto fails;
} }
if (num_images == 0) { if (num_images == 0) {
fprintf(stdout, "Folder is empty\n"); fprintf(stdout, "Folder is empty\n");
goto fails; goto fails;