walkero
/
openjpeg
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Strengthen integer overflow check in opj_pi_create_decode 

l_tcp->numlayers and l_step_l are both OPJ_UINT32 type variables. Thus
using SIZE_MAX or ((size_t)-1) to check integer overflow is
insufficient. We should use (OPJ_UINT32)-1 here.
This commit is contained in:
trylab 2016-09-08 10:41:34 +08:00
parent 865da86c14
commit 2cbad4f074
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/lib/openjp2/pi.c
View File

@ -1239,7 +1239,7 @@ opj_pi_iterator_t *opj_pi_create_decode(opj_image_t *p_image,
/* memory allocation for include */
/* prevent an integer overflow issue */
l_current_pi->include = 00;
if (l_step_l <= (SIZE_MAX / (l_tcp->numlayers + 1U)))
if (l_step_l <= (((OPJ_UINT32)-1) / (l_tcp->numlayers + 1U)))
{
l_current_pi->include = (OPJ_INT16*) opj_calloc((l_tcp->numlayers +1) * l_step_l, sizeof(OPJ_INT16));
}