walkero
/
openjpeg
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Correct overflows in opj_j2k_update_image_data

This commit is contained in:
mayeut 2015-05-16 02:51:31 +02:00
parent 2d24b6000d
commit 1fb24aba4b
1 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
src/lib/openjp2/j2k.c
View File

@ -7987,10 +7987,10 @@ OPJ_BOOL opj_j2k_update_image_data (opj_tcd_t * p_tcd, OPJ_BYTE * p_data, opj_im
OPJ_UINT32 l_width_src,l_height_src;
OPJ_UINT32 l_width_dest,l_height_dest;
OPJ_INT32 l_offset_x0_src, l_offset_y0_src, l_offset_x1_src, l_offset_y1_src;
OPJ_INT32 l_start_offset_src, l_line_offset_src, l_end_offset_src ;
size_t l_start_offset_src, l_line_offset_src, l_end_offset_src ;
OPJ_UINT32 l_start_x_dest , l_start_y_dest;
OPJ_UINT32 l_x0_dest, l_y0_dest, l_x1_dest, l_y1_dest;
OPJ_INT32 l_start_offset_dest, l_line_offset_dest;
size_t l_start_offset_dest, l_line_offset_dest;
opj_image_comp_t * l_img_comp_src = 00;
opj_image_comp_t * l_img_comp_dest = 00;
@ -8012,7 +8012,7 @@ OPJ_BOOL opj_j2k_update_image_data (opj_tcd_t * p_tcd, OPJ_BYTE * p_data, opj_im
/* Allocate output component buffer if necessary */
if (!l_img_comp_dest->data) {
l_img_comp_dest->data = (OPJ_INT32*) opj_calloc(l_img_comp_dest->w * l_img_comp_dest->h, sizeof(OPJ_INT32));
l_img_comp_dest->data = (OPJ_INT32*) opj_calloc((size_t)l_img_comp_dest->w * (size_t)l_img_comp_dest->h, sizeof(OPJ_INT32));
if (! l_img_comp_dest->data) {
return OPJ_FALSE;
}
@ -8079,7 +8079,7 @@ OPJ_BOOL opj_j2k_update_image_data (opj_tcd_t * p_tcd, OPJ_BYTE * p_data, opj_im
}
}
else {
l_start_x_dest = 0 ;
l_start_x_dest = 0U;
l_offset_x0_src = (OPJ_INT32)l_x0_dest - l_res->x0;
if ( l_x1_dest >= (OPJ_UINT32)l_res->x1 ) {
@ -8106,7 +8106,7 @@ OPJ_BOOL opj_j2k_update_image_data (opj_tcd_t * p_tcd, OPJ_BYTE * p_data, opj_im
}
}
else {
l_start_y_dest = 0 ;
l_start_y_dest = 0U;
l_offset_y0_src = (OPJ_INT32)l_y0_dest - l_res->y0;
if ( l_y1_dest >= (OPJ_UINT32)l_res->y1 ) {
@ -8129,13 +8129,13 @@ OPJ_BOOL opj_j2k_update_image_data (opj_tcd_t * p_tcd, OPJ_BYTE * p_data, opj_im
/*-----*/
/* Compute the input buffer offset */
l_start_offset_src = l_offset_x0_src + l_offset_y0_src * (OPJ_INT32)l_width_src;
l_line_offset_src = l_offset_x1_src + l_offset_x0_src;
l_end_offset_src = l_offset_y1_src * (OPJ_INT32)l_width_src - l_offset_x0_src;
l_start_offset_src = (size_t)l_offset_x0_src + (size_t)l_offset_y0_src * (size_t)l_width_src;
l_line_offset_src = (size_t)l_offset_x1_src + (size_t)l_offset_x0_src;
l_end_offset_src = (size_t)l_offset_y1_src * (size_t)l_width_src - (size_t)l_offset_x0_src;
/* Compute the output buffer offset */
l_start_offset_dest = (OPJ_INT32)(l_start_x_dest + l_start_y_dest * l_img_comp_dest->w);
l_line_offset_dest = (OPJ_INT32)(l_img_comp_dest->w - l_width_dest);
l_start_offset_dest = (size_t)l_start_x_dest + (size_t)l_start_y_dest * (size_t)l_img_comp_dest->w;
l_line_offset_dest = (size_t)l_img_comp_dest->w - (size_t)l_width_dest;
/* Move the output buffer to the first place where we will write*/
l_dest_ptr = l_img_comp_dest->data + l_start_offset_dest;
@ -9619,7 +9619,7 @@ OPJ_BOOL opj_j2k_decode(opj_j2k_t * p_j2k,
if (!p_image)
return OPJ_FALSE;
p_j2k->m_output_image = opj_image_create0();
if (! (p_j2k->m_output_image)) {
return OPJ_FALSE;