Added multiplication check to calloc calls in opj_compress, opj_decompress, opj_dump. See comment on commit 79c7d7a.

2022-01-13 00:53:55 -05:00 · 2022-01-13 00:53:55 -05:00 · 33c2d33c5d
parent 79c7d7af59
commit 33c2d33c5d
1 changed files with 6 additions and 0 deletions
--- a/src/bin/jp2/opj_compress.c
+++ b/src/bin/jp2/opj_compress.c
@ -1957,6 +1957,11 @@ int main(int argc, char **argv)
    /* Read directory if necessary */
    if (img_fol.set_imgdir == 1) {
        num_images = get_num_images(img_fol.imgdirpath);
+        if((num_images > SIZE_MAX/(OPJ_PATH_LEN * sizeof(char))){
+            fprintf(stdout, "Max images exceeded\n");
+            ret = 0;
+            goto fin;
+        } else {
        dirptr = (dircnt_t*)malloc(sizeof(dircnt_t));
        if (dirptr) {
            dirptr->filename_buf = (char*)calloc(num_images, OPJ_PATH_LEN * sizeof(
@ -1974,6 +1979,7 @@ int main(int argc, char **argv)
            ret = 0;
            goto fin;
        }
+        }
        if (num_images == 0) {
            fprintf(stdout, "Folder is empty\n");
            ret = 0;