Strengthen integer overflow check in opj_pi_create_decode
l_tcp->numlayers and l_step_l are both OPJ_UINT32 type variables. Thus using SIZE_MAX or ((size_t)-1) to check integer overflow is insufficient. We should use (OPJ_UINT32)-1 here.
parent
865da86c14
commit
2cbad4f074
|
@ -1239,7 +1239,7 @@ opj_pi_iterator_t *opj_pi_create_decode(opj_image_t *p_image,
|
||||||
/* memory allocation for include */
|
/* memory allocation for include */
|
||||||
/* prevent an integer overflow issue */
|
/* prevent an integer overflow issue */
|
||||||
l_current_pi->include = 00;
|
l_current_pi->include = 00;
|
||||||
if (l_step_l <= (SIZE_MAX / (l_tcp->numlayers + 1U)))
|
if (l_step_l <= (((OPJ_UINT32)-1) / (l_tcp->numlayers + 1U)))
|
||||||
{
|
{
|
||||||
l_current_pi->include = (OPJ_INT16*) opj_calloc((l_tcp->numlayers +1) * l_step_l, sizeof(OPJ_INT16));
|
l_current_pi->include = (OPJ_INT16*) opj_calloc((l_tcp->numlayers +1) * l_step_l, sizeof(OPJ_INT16));
|
||||||
}
|
}
|
||||||
|
|
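Review bot: The new guard divides by `l_tcp->numlayers + 1U`, which is itself 32-bit arithmetic and wraps to 0 if numlayers ever equals `(OPJ_UINT32)-1`; nothing visible in this hunk bounds numlayers before this point. If no earlier check enforces that bound, the condition should reject the value first, e.g. `if (l_tcp->numlayers < (OPJ_UINT32)-1 && l_step_l <= ((OPJ_UINT32)-1) / (l_tcp->numlayers + 1U))`. The comment above the check could also record why the limit is 32-bit: `/* the product is evaluated in OPJ_UINT32 before it reaches opj_calloc, so bound it by the 32-bit maximum, not SIZE_MAX */`. When the guard fails, include stays 00, so the code after the closing brace (outside this hunk) has to treat that as an allocation failure rather than dereference it.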