Avoid overflow in multiplications in utilities related to big number of files in a directory (CVE-2021-29338) (#1396)
This commit is contained in:
parent
79c7d7af59
commit
1daaa0b909
|
@ -1967,7 +1967,7 @@ int main(int argc, char **argv)
|
|||
goto fin;
|
||||
}
|
||||
for (i = 0; i < num_images; i++) {
|
||||
dirptr->filename[i] = dirptr->filename_buf + i * OPJ_PATH_LEN;
|
||||
dirptr->filename[i] = dirptr->filename_buf + (size_t)i * OPJ_PATH_LEN;
|
||||
}
|
||||
}
|
||||
if (load_images(dirptr, img_fol.imgdirpath) == 1) {
|
||||
|
|
|
@ -1367,7 +1367,6 @@ int main(int argc, char **argv)
|
|||
if (img_fol.set_imgdir == 1) {
|
||||
int it_image;
|
||||
num_images = get_num_images(img_fol.imgdirpath);
|
||||
|
||||
dirptr = (dircnt_t*)calloc(1, sizeof(dircnt_t));
|
||||
if (!dirptr) {
|
||||
destroy_parameters(¶meters);
|
||||
|
@ -1387,7 +1386,8 @@ int main(int argc, char **argv)
|
|||
goto fin;
|
||||
}
|
||||
for (it_image = 0; it_image < num_images; it_image++) {
|
||||
dirptr->filename[it_image] = dirptr->filename_buf + it_image * OPJ_PATH_LEN;
|
||||
dirptr->filename[it_image] = dirptr->filename_buf + (size_t)it_image *
|
||||
OPJ_PATH_LEN;
|
||||
}
|
||||
|
||||
if (load_images(dirptr, img_fol.imgdirpath) == 1) {
|
||||
|
|
|
@ -529,13 +529,13 @@ int main(int argc, char *argv[])
|
|||
}
|
||||
|
||||
for (it_image = 0; it_image < num_images; it_image++) {
|
||||
dirptr->filename[it_image] = dirptr->filename_buf + it_image * OPJ_PATH_LEN;
|
||||
dirptr->filename[it_image] = dirptr->filename_buf + (size_t)it_image *
|
||||
OPJ_PATH_LEN;
|
||||
}
|
||||
|
||||
if (load_images(dirptr, img_fol.imgdirpath) == 1) {
|
||||
goto fails;
|
||||
}
|
||||
|
||||
if (num_images == 0) {
|
||||
fprintf(stdout, "Folder is empty\n");
|
||||
goto fails;
|
||||
|
|
Loading…
Reference in New Issue