From 66fd497765939d02e8816d6d019839388fffdf79 Mon Sep 17 00:00:00 2001
From: Matthieu Darbois
Date: Thu, 28 Apr 2016 00:18:37 +0200
Subject: [PATCH] Fix unsigned int overflow reported by UBSan (#759)

---
 src/lib/openjp2/tcd.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/lib/openjp2/tcd.c b/src/lib/openjp2/tcd.c
index af6b53f5..d590046f 100644
--- a/src/lib/openjp2/tcd.c
+++ b/src/lib/openjp2/tcd.c
@@ -778,7 +778,7 @@ static INLINE OPJ_BOOL opj_tcd_init_tile(opj_tcd_t *p_tcd, OPJ_UINT32 p_tile_no,
 l_tilec->resolutions_size = l_data_size;
 }

- l_level_no = l_tilec->numresolutions - 1;
+ l_level_no = l_tilec->numresolutions;
 l_res = l_tilec->resolutions;
 l_step_size = l_tccp->stepsizes;
 if (l_tccp->qmfbid == 0) {
@@ -795,6 +795,8 @@ static INLINE OPJ_BOOL opj_tcd_init_tile(opj_tcd_t *p_tcd, OPJ_UINT32 p_tile_no,
 OPJ_UINT32 cbgwidthexpn, cbgheightexpn;
 OPJ_UINT32 cblkwidthexpn, cblkheightexpn;

+ --l_level_no;
+
 /* border for each resolution level (global) */
 l_res->x0 = opj_int_ceildivpow2(l_tilec->x0, (OPJ_INT32)l_level_no);
 l_res->y0 = opj_int_ceildivpow2(l_tilec->y0, (OPJ_INT32)l_level_no);
@@ -1024,7 +1026,6 @@ static INLINE OPJ_BOOL opj_tcd_init_tile(opj_tcd_t *p_tcd, OPJ_UINT32 p_tile_no,
 ++l_step_size;
 } /* bandno */
 ++l_res;
- --l_level_no;
 } /* resno */
 ++l_tccp;
 ++l_tilec;
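Review bot: Between the new assignment `l_level_no = l_tilec->numresolutions;` and the first `--l_level_no;` at the top of the resolution loop, l_level_no holds one more than the highest valid level, and the lines between this hunk and the next (roughly 785–794) are not visible here. Nothing in that window should read the variable. A comment on the assignment would record the intent, for example `/* one past the top level; decremented at the start of each resno iteration so it never wraps below 0 */`. opj_tcd_init_tile starts and ends outside the hunk.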
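Review bot: The exponent passed as `(OPJ_INT32)l_level_no` to opj_int_ceildivpow2 still has no upper bound visible in this hunk: after the pre-decrement it can be as large as `numresolutions - 1`. If the helper shifts by its second argument, as its name suggests, an exponent at or above the operand width is undefined behaviour, which UBSan would also flag. numresolutions presumably comes from the parsed codestream, so confirm that it is range-checked before opj_tcd_init_tile runs. The assumption could be recorded next to the decrement with a comment such as `/* l_level_no <= numresolutions - 1; numresolutions must already be bounded so this is a valid shift count */`. The loop body continues outside the hunk.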